This view provides the SMM representation of the measurement specifications for Automated Source Code Data Protection, as identified by the Consortium for Information & Software Quality (CISQ) Working Group.
The graph below shows the hierarchical relationships between weaknesses that exist at different levels of abstraction. At the highest level, categories and pillars group weaknesses together. Categories are specialized entries in the CWE that are not weaknesses themselves; they classify weaknesses that share a common characteristic. Pillars are weaknesses described in a highly abstract manner. Below these top-level entries are weaknesses at various levels of abstraction. Classes are still abstract and are generally not specific to any particular language or technology. Base-level weaknesses describe a more specific type of weakness. A variant is described at a low level of detail and is often limited to a specific language or technology. A chain is a series of weaknesses that must be consecutively reachable to exploit a vulnerability, whereas a composite is a combination of weaknesses that must all be present simultaneously to exploit a vulnerability.