CWE-1337: The 2021 CWE Top 25 Most Dangerous Software Weaknesses

The 2021 CWE Top 25 Most Dangerous Software Weaknesses includes a compilation of CWE entries featured in this view.

The graph provided illustrates the hierarchical connections between weaknesses existing at different levels of abstraction. The highest level comprises of categories and pillars, which serve as a means to categorize weaknesses. Categories, which are not technically weaknesses themselves, are entries specifically designed to group weaknesses sharing a common characteristic. On the other hand, pillars are weaknesses described in a more general context. Encompassing the top-level entries, weaknesses of various levels of abstraction can be found. Classes, which remain highly abstract, are independent of any particular programming language or technology. Providing a more specific type of weakness, base level weaknesses offer a narrower scope. Variants, described in great detail, are typically associated with a specific language or technology. Moreover, chains consist of weaknesses that must be consecutively accessible in order to exploit a vulnerability. Conversely, composites require the simultaneous presence of all weaknesses in order to create an exploitable vulnerability.