Explore common hardware design weaknesses in this perspective, aimed at hardware designers, educators, and others. Learn how weaknesses are categorized and connected.
The weaknesses in this perspective are organized around concepts that are frequently used or encountered in hardware design. As a result, it aligns closely with the perspectives of designers, manufacturers, educators, and assessment vendors. It provides a number of categories intended to simplify navigation, browsing, and mapping.
The graph below shows the tree-like relationships between weaknesses at different levels of abstraction. At the highest level are two kinds of entries used to group weaknesses: categories and pillars. Categories are not themselves weaknesses; they are special entries in the Common Weakness Enumeration (CWE) system that group weaknesses with similar characteristics. Pillars, by contrast, are weaknesses described in the most abstract terms. Below these top-level entries are weaknesses at varying levels of abstraction. Classes are still quite abstract and are generally independent of any specific language or technology. Base-level weaknesses give more specific information about a particular type of weakness. Variants are weaknesses described in great detail, typically restricted to a specific language or technology. A chain is a sequence of weaknesses that must be exploited consecutively to create a vulnerability. A composite is a combination of weaknesses that must all be present simultaneously to create an exploitable vulnerability.