CWE-699: Software Development Weaknesses

Explore how weaknesses in software development are categorized across the stages of the software development process. This view is useful for architects, developers, educators, and assessment vendors.

Objective

This view categorizes software development weaknesses around concepts that are commonly used or encountered. The categorization covers all stages of the software development process, such as architecture and implementation. As a result, it can be useful to architects, developers, educators, and assessment vendors, who share similar perspectives. Its categories are intended to streamline navigation, browsing, and mapping.

Relationships

The graph provided illustrates the hierarchical connections between different levels of weaknesses. At the highest level, categories and pillars serve as groupings for weaknesses. Categories are special entries that group weaknesses with shared characteristics; they are not technically weaknesses themselves. Pillars, by contrast, are weaknesses described in a highly abstract manner.

Beneath these top-level entries are weaknesses at various levels of abstraction. Classes are still quite abstract and are usually independent of any specific language or technology. Base-level weaknesses describe more specific types of weaknesses. Variants go into low-level detail and are often limited to a particular language or technology.

A chain is a series of weaknesses that must be sequentially exploitable to result in a vulnerability. Conversely, a composite comprises multiple weaknesses that must all be present simultaneously to create an exploitable vulnerability.
