The September/October 2009 Crosstalk has an article by Robert A. Martin entitled "Making Security Measurable and Manageable" which includes a list of security enumerations. The security enumerations are:

  • CVE
  • Common Weakness Enumeration (CWE)
  • Common Attack Pattern Enumeration and Classification (CAPEC)
  • Common Configuration Enumeration (CCE)
  • Common Platform Enumeration (CPE)
  • The SANS Institute Top 20 Security Risks
  • Open Web Application Security Project’s Top 10
  • Web Application Security Consortium’s Threat
  • CWE/SANS Top 25 Most Dangerous Programming Errors