Sponsored by the Department of Homeland Security (DHS) and maintained by a team of workers at nonprofit Mitre and other security professionals, the ongoing effort is roughly four months shy of publishing a final draft of its vulnerability encyclopedia, said leaders of the project.

Presenting at the ongoing Black Hat 2007 conference, CWE initiative leaders said they are busy aggregating and organizing the mountains of vulnerability data they have gathered and said they are working more closely than ever with applications security testing companies to help compare the abilities of various software scanning tools.

Launched in Dec. 2005, CWE seeks to establish a unified, measurable set of software flaws to help developers improve the quality of their products and drive out the types of vulnerabilities that have led to the ongoing malware explosion.

By gathering input on commonly seen mistakes from developers, researchers, and security vendors, the group believes it can create a common language and standard procedures for handling the many different types of loopholes that exist in programs' source code today.

Prior to the delivery of a final draft of its encyclopedia of flaws later this year, CWE officials said they are preparing a sixth iteration of the index to likely be published some time in April.