CWE-1000 View Detail

CWE-1000

Research Concepts
Draft
Graph
2008-04-11 +00:00
2023-06-29 +00:00

Alerte pour un CWE

Stay informed of any changes for a specific CWE.
Alert management

Research Concepts

This view is intended to facilitate research into weaknesses, including their inter-dependencies, and can be leveraged to systematically identify theoretical gaps within CWE. It is mainly organized according to abstractions of behaviors instead of how they can be detected, where they appear in code, or when they are introduced in the development life cycle. By design, this view is expected to include every weakness within CWE.

Informations

Vulnerability Mapping Notes

Rationale : This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.
Comments : Use this View or other Views to search and navigate for the appropriate weakness.

Notes

This view uses a deep hierarchical organization, with more levels of abstraction than other classification schemes. The top-level entries are called Pillars. Where possible, this view uses abstractions that do not consider particular languages, frameworks, technologies, life cycle development phases, frequency of occurrence, or types of resources. It explicitly identifies relationships that form chains and composites, which have not been a formal part of past classification efforts. Chains and composites might help explain why mutual exclusivity is difficult to achieve within security error taxonomies. This view is roughly aligned with MITRE's research into vulnerability theory, especially with respect to behaviors and resources. Ideally, this view will only cover weakness-to-weakness relationships, with minimal overlap and zero categories. It is expected to include at least one parent/child relationship for every weakness within CWE.

Audience

Stakeholder Description
Academic Researchers Academic researchers can use the high-level classes that lack a significant number of children to identify potential areas for future research.
Vulnerability Analysts Those who perform vulnerability discovery/analysis use this view to identify related weaknesses that might be leveraged by following relationships between higher-level classes and bases.
Assessment Tool Vendors Assessment vendors often use this view to help identify additional weaknesses that a tool may be able to detect as the relationships are more aligned with a tool's technical capabilities.

Submission

Name Organization Date Date Release Version
CWE Content Team MITRE 2008-04-11 +00:00 2008-04-11 +00:00 Draft 9

Modifications

Name Organization Date Comment
CWE Content Team MITRE 2008-09-08 +00:00 updated Description, Name, Relationships, View_Audience, View_Structure
CWE Content Team MITRE 2010-02-16 +00:00 updated Relationships
CWE Content Team MITRE 2018-03-27 +00:00 updated Description, Other_Notes, View_Audience
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships, View_Audience
CWE Content Team MITRE 2021-03-15 +00:00 updated Description, Other_Notes
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.