English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

CWE-1000 View Detail

CWE-1000

Research Concepts
Draft
Graph
2008-04-11 +00:00
2023-06-29 +00:00
CWE Mitre.org

Alerte pour un CWE

Stay informed of any changes for a specific CWE.
Alert management

Research Concepts

This view is intended to facilitate research into weaknesses, including their inter-dependencies, and can be leveraged to systematically identify theoretical gaps within CWE. It is mainly organized according to abstractions of behaviors instead of how they can be detected, where they appear in code, or when they are introduced in the development life cycle. By design, this view is expected to include every weakness within CWE.

Members

CWE-284: Improper Access Control Base

CWE-435: Improper Interaction Between Multiple Correctly-Behaving Entities Base

CWE-664: Improper Control of a Resource Through its Lifetime Base

CWE-682: Incorrect Calculation Base

CWE-691: Insufficient Control Flow Management Base

CWE-693: Protection Mechanism Failure Base

CWE-697: Incorrect Comparison Base

CWE-703: Improper Check or Handling of Exceptional Conditions Base

CWE-707: Improper Neutralization Base

CWE-710: Improper Adherence to Coding Standards Base

Informations

Vulnerability Mapping Notes

Rationale : This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.
Comments : Use this View or other Views to search and navigate for the appropriate weakness.

Notes

This view uses a deep hierarchical organization, with more levels of abstraction than other classification schemes. The top-level entries are called Pillars. Where possible, this view uses abstractions that do not consider particular languages, frameworks, technologies, life cycle development phases, frequency of occurrence, or types of resources. It explicitly identifies relationships that form chains and composites, which have not been a formal part of past classification efforts. Chains and composites might help explain why mutual exclusivity is difficult to achieve within security error taxonomies. This view is roughly aligned with MITRE's research into vulnerability theory, especially with respect to behaviors and resources. Ideally, this view will only cover weakness-to-weakness relationships, with minimal overlap and zero categories. It is expected to include at least one parent/child relationship for every weakness within CWE.

Audience

Stakeholder Description
Academic Researchers Academic researchers can use the high-level classes that lack a significant number of children to identify potential areas for future research.
Vulnerability Analysts Those who perform vulnerability discovery/analysis use this view to identify related weaknesses that might be leveraged by following relationships between higher-level classes and bases.
Assessment Tool Vendors Assessment vendors often use this view to help identify additional weaknesses that a tool may be able to detect as the relationships are more aligned with a tool's technical capabilities.

Submission

Name Organization Date Date Release Version
CWE Content Team MITRE 2008-04-11 +00:00 2008-04-11 +00:00 Draft 9

Modifications

Name Organization Date Comment
CWE Content Team MITRE 2008-09-08 +00:00 updated Description, Name, Relationships, View_Audience, View_Structure
CWE Content Team MITRE 2010-02-16 +00:00 updated Relationships
CWE Content Team MITRE 2018-03-27 +00:00 updated Description, Other_Notes, View_Audience
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships, View_Audience
CWE Content Team MITRE 2021-03-15 +00:00 updated Description, Other_Notes
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes

More information
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.