Explore the relationships between weaknesses at different levels of abstraction with CWE 1387. Understand categories, pillars, classes, variants, chains, and composites.
This view (CWE-1387) collects the CWE entries that appear in the 2022 CWE Top 25 Most Dangerous Software Weaknesses list.
The graph on the view page illustrates the hierarchical connections between weaknesses at different levels of abstraction.

At the highest level, entries are organized into categories and pillars. Categories are not weaknesses themselves; they are special entries in the Common Weakness Enumeration (CWE) used to group weaknesses that share a common characteristic. Pillars are weaknesses, but described in the most abstract terms CWE uses.

Below these top-level entries, weaknesses are described at progressively more concrete levels of abstraction:

- Classes are abstract weaknesses that do not depend on any specific programming language or technology.
- Base weaknesses are more specific than classes and give a concrete enough description to be detected and mitigated, while still being largely technology-independent.
- Variants are described in great detail and are usually tied to a particular programming language, technology, or resource.

Two further structures describe how weaknesses combine. A chain is a sequence of weaknesses in which one weakness leads to the next, so that the sequence as a whole results in a vulnerability. A composite is a set of weaknesses that must all be present at the same time for the vulnerability to be exploitable.
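The hierarchy and the chain/composite structures described above can be treated as a small graph and queried, which is what a practitioner does when mapping findings onto a view such as this one. The following Python block is an added example, not code from the CWE site: it models a constructed, simplified subset of the CWE graph (real, well-known CWE identifiers and abstraction levels, but with the relationship edges reduced to what the example needs) and walks ChildOf links up to the pillar, checks that the abstraction ladder is respected, validates a chain's ordering and a composite's required members, and groups a view's members by pillar. The field names (`child_of`, `can_precede`, `requires`, `members`) are this example's own, chosen to mirror the relationship kinds CWE uses.

```python
"""Walk a constructed CWE-style relationship graph (added example, not CWE's own data)."""
from dataclasses import dataclass, field

# Abstraction ladder, from most abstract (0) to most concrete (3).
LEVEL = {"Pillar": 0, "Class": 1, "Base": 2, "Variant": 3}


@dataclass
class Entry:
    cwe_id: int
    name: str
    abstraction: str                 # Pillar, Class, Base, Variant or Compound
    structure: str = "Simple"        # Simple, Chain or Composite
    child_of: list = field(default_factory=list)     # ChildOf parents (primary first)
    can_precede: list = field(default_factory=list)  # weaknesses this one can lead to
    members: list = field(default_factory=list)      # ordered members of a chain
    requires: list = field(default_factory=list)     # members that a composite needs at once


# Constructed, simplified subset of the CWE graph: real IDs, illustrative edges.
CWE = {e.cwe_id: e for e in [
    Entry(707, "Improper Neutralization", "Pillar"),
    Entry(74, "Injection", "Class", child_of=[707]),
    Entry(79, "Cross-site Scripting", "Base", child_of=[74]),
    Entry(80, "Basic XSS", "Variant", child_of=[79]),
    Entry(89, "SQL Injection", "Base", child_of=[74]),
    Entry(682, "Incorrect Calculation", "Pillar"),
    Entry(190, "Integer Overflow or Wraparound", "Base", child_of=[682], can_precede=[119]),
    Entry(664, "Improper Control of a Resource Through its Lifetime", "Pillar"),
    Entry(119, "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "Class", child_of=[664]),
    Entry(680, "Integer Overflow to Buffer Overflow", "Compound",
          structure="Chain", members=[190, 119]),
    Entry(352, "Cross-Site Request Forgery", "Compound",
          structure="Composite", requires=[346, 441, 642, 613]),
]}


def ancestors(cwe_id):
    """ChildOf ancestors from the nearest parent up to the pillar, following the primary parent."""
    path, cur = [], CWE[cwe_id]
    while cur.child_of:
        cur = CWE[cur.child_of[0]]
        path.append(cur.cwe_id)
    return path


def pillar_of(cwe_id):
    """The pillar a weakness rolls up to, or None for entries not on the ladder (compounds)."""
    path = ancestors(cwe_id)
    top = CWE[path[-1]] if path else CWE[cwe_id]
    return top.cwe_id if top.abstraction == "Pillar" else None


def abstraction_consistent(cwe_id):
    """A child must be more concrete than every parent (Variant < Base < Class < Pillar)."""
    e = CWE[cwe_id]
    if e.abstraction not in LEVEL:
        return True  # Compound entries are not placed on the abstraction ladder
    return all(LEVEL[e.abstraction] > LEVEL[CWE[p].abstraction] for p in e.child_of)


def chain_is_ordered(cwe_id):
    """A chain is well-formed only if each member can precede the next one."""
    e = CWE[cwe_id]
    if e.structure != "Chain":
        return False
    return all(nxt in CWE[cur].can_precede for cur, nxt in zip(e.members, e.members[1:]))


def composite_members_present(cwe_id, present):
    """A composite applies only when every required weakness is present at the same time."""
    e = CWE[cwe_id]
    return e.structure == "Composite" and set(e.requires) <= set(present)


def rollup_by_pillar(view_members):
    """Group a view's members (for example a Top 25 list) under the pillar each rolls up to."""
    out = {}
    for m in view_members:
        out.setdefault(pillar_of(m), []).append(m)
    return out


if __name__ == "__main__":
    print("CWE-80 ancestors:", ancestors(80))
    print("CWE-680 chain ordered:", chain_is_ordered(680))
    print("CSRF with all parts present:", composite_members_present(352, [346, 441, 642, 613]))
    print("Roll-up:", rollup_by_pillar([79, 89, 190, 119]))
```

The roll-up is the operation that matters when reporting against a view: several Top 25 entries share one pillar, so a finding tagged with a variant or base should be reported at the level the view actually lists, and the ancestor walk tells you which level that is.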