

This table shows the weaknesses and high level categories that are related to this weakness.

Improper Restriction of Operations within the Bounds of a Memory Buffer

Insufficient Precision or Accuracy of a Real Number

Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.

Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. That is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention.

Chain - a Compound Element that is a sequence of two or more separate weaknesses that can be closely linked together within software. One weakness, X, can directly create the conditions that are necessary to cause another weakness, Y, to enter a vulnerable condition. When this happens, CWE refers to X as "primary" to Y, and Y is "resultant" from X. Chains can involve more than two weaknesses, and in some cases, they might have a tree-like structure.

Pillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things.
