Explore the hierarchical connections of weaknesses in the CWE-1026 graph, categorizing flaws at different levels of abstraction for enhanced understanding.
The nodes in this view (graph) are linked to the OWASP Top Ten published in 2017.
The graph shows the hierarchical relationships between weaknesses at different levels of abstraction. At the highest level, categories and pillars group weaknesses together. Categories are not weaknesses themselves; they are special CWE entries that gather weaknesses with shared characteristics. Pillars are the most abstract and generalized descriptions of weaknesses.

Below these top-level entries sit weaknesses at various levels of abstraction. Classes are still highly abstract and not specific to any particular language or technology. Base-level weaknesses describe a more specific type of weakness. Variants, at the lowest level of detail, describe weaknesses limited to specific languages or technologies.

Additionally, chains are sequences of weaknesses that must be reached consecutively to exploit a vulnerability. Composites, conversely, require multiple weaknesses to be present simultaneously to create an exploitable vulnerability.