I was reading a press release for a security analysis program and there was a reference to the "Common Weakness Enumeration site". I was not interested in the product but did decide to investigate the site referenced.
The Common Weakness Enumeration (CWA) is subtitled "A Community-Developed Dictionary of Software Weakness Types." The site is hosted by MITRE”. The scope of the project is to "provides a unified, measurable set of software weaknesses."
It appears that the starting point of this taxonomy of software security weaknesses was quite a few of disparate standards, papers, proposals, etc. A pretty good list and links to original sources can be found on the sources page. Each item in the list includes a description, where the weakness may be introduced, whether it is applicable to particular platforms, examples and related items.