The Common Weakness Risk Analysis Framework (CWRAF) provides a means for software developers and consumers to prioritize software weaknesses that are relevant for their business, mission, and deployed technologies.
The Common Weakness Scoring System (CWSS) provides a mechanism for scoring weaknesses in a consistent, flexible, open manner while accommodating context for the various business domains.