This perspective organizes vulnerabilities for software assurance and tracks trends in disclosures. It helps academic researchers gauge how thoroughly software assurance research covers different kinds of weakness.
This perspective categorizes vulnerabilities by their relevance to extensive software assurance research, with the aim of addressing these weaknesses through strategies such as secure language development. It also serves to monitor trends in weakness disclosures in public vulnerability data. Unlike other perspectives that focus on a specific subset of weaknesses, this comprehensive perspective includes every weakness. It is organized by top-level categories, with the weaknesses themselves appearing at a second level. Relationships between weaknesses within the research view (CWE-1000) are not depicted. Each weakness is assigned to exactly one category; the categories are mutually exclusive, so no weakness belongs to more than one. Although weaknesses cannot be strictly classified by a single characteristic, assigning each to a single category facilitates certain types of analysis. Notably, category sizes can vary significantly, owing to factors such as differing levels of detail among CWEs and the degree of abstraction used when grouping them.
The accompanying graph illustrates the hierarchical relationships among weaknesses at different abstraction levels. At the highest level sit categories and pillars. Categories are not weaknesses themselves; they are CWE entries that group weaknesses sharing similar characteristics. Pillars, by contrast, are weaknesses described in the broadest and most abstract terms. Beneath these top-level entries, weaknesses appear at varying levels of abstraction. Classes are abstract weaknesses, usually independent of any specific language or technology. Base-level weaknesses describe more specific types of weakness. Variants are weaknesses described in great detail, often limited to a particular language or technology. A chain is a sequence of weaknesses that must be reachable one after another to exploit a vulnerability, whereas a composite is a collection of weaknesses that must all be present at the same time to exploit a vulnerability.
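The two structural properties described above (every weakness sits in exactly one top-level category, and ChildOf links run from more specific abstraction levels toward more general ones) are easy to check mechanically once a view's mapping is loaded. The following validator is an added example, not code from the page or from the CWE project's own tooling. The view, the weakness IDs (W-1 ... W-5), the category IDs (CAT-A ... CAT-C) and the ChildOf edges are all constructed placeholders, and the abstraction ranking is a simplification that flags only inverted links (a child more general than its parent), not same-level links.

```python
"""Validator for a two-level CWE-style view plus an abstraction-order check.

Added example, not part of the original page and not MITRE's CWE tooling.
All IDs, names and relationships below are constructed placeholders.
"""
from collections import Counter

# Abstraction levels from most general (0) to most specific (3), as the
# page describes them. A ChildOf link should point from a more specific
# level toward a more general one (Variant -> Base -> Class -> Pillar).
ABSTRACTION_RANK = {"Pillar": 0, "Class": 1, "Base": 2, "Variant": 3}

# Constructed sample view: category id -> member weakness ids.
# W-2 is deliberately placed in two categories to show the exclusivity check.
SAMPLE_VIEW = {
    "CAT-A": ["W-1", "W-2", "W-3"],
    "CAT-B": ["W-4", "W-2"],
    "CAT-C": [],
}

# Constructed sample: weakness id -> abstraction level.
# W-5 is deliberately left out of every category to show the coverage check.
SAMPLE_LEVELS = {
    "W-1": "Pillar",
    "W-2": "Class",
    "W-3": "Base",
    "W-4": "Variant",
    "W-5": "Base",
}

# Constructed sample ChildOf edges as (child, parent).
# The last edge is deliberately inverted: a Pillar cannot be a child of a Base.
SAMPLE_CHILD_OF = [("W-3", "W-2"), ("W-4", "W-3"), ("W-2", "W-1"), ("W-1", "W-3")]


def check_exclusive_partition(view, all_weaknesses):
    """Check that the view partitions the weakness set into disjoint categories.

    Returns (duplicates, unassigned, sizes):
      duplicates - weakness ids placed in more than one category
      unassigned - weakness ids that appear in no category, which matters for a
                   view that claims to include every weakness
      sizes      - category id -> member count, exposing how unevenly the
                   categories fill
    """
    counts = Counter(w for members in view.values() for w in members)
    duplicates = sorted(w for w, n in counts.items() if n > 1)
    unassigned = sorted(set(all_weaknesses) - set(counts))
    sizes = {cat: len(members) for cat, members in view.items()}
    return duplicates, unassigned, sizes


def check_abstraction_order(child_of, levels):
    """Return ChildOf edges whose child is MORE general than its parent.

    Same-level links are tolerated; only inverted links are reported.
    """
    inverted = []
    for child, parent in child_of:
        if ABSTRACTION_RANK[levels[child]] < ABSTRACTION_RANK[levels[parent]]:
            inverted.append((child, parent))
    return inverted


if __name__ == "__main__":
    dups, missing, sizes = check_exclusive_partition(SAMPLE_VIEW, SAMPLE_LEVELS)
    print("in more than one category:", dups)
    print("in no category:", missing)
    print("category sizes:", sizes)
    print("inverted ChildOf links:", check_abstraction_order(SAMPLE_CHILD_OF, SAMPLE_LEVELS))
```

Against the constructed sample, the first check reports W-2 as doubly assigned and W-5 as uncovered, the size map shows one empty category, and the order check reports the single inverted edge (W-1, W-3). On a real view the same two functions would run over the category memberships and ChildOf relationships parsed from the CWE export; that parsing is not shown here.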