The entries in this graph correspond to the programming errors listed in the 2009 CWE/SANS Top 25. However, this graph is now outdated, as a more recent version of the Top 25 is available.
The graph shows the hierarchical connections between weaknesses at different levels of abstraction. At the top level, categories and pillars group weaknesses. Categories are not weaknesses themselves; they group weaknesses that share characteristics. Pillars are weaknesses described in a highly abstract manner. Below these top-level entries are weaknesses at varying levels of abstraction. Classes are still abstract and are generally independent of any specific programming language or technology. Base-level weaknesses present a more specific type of weakness. Variants are described in great detail and typically pertain to a particular programming language or technology. A chain is a sequence of weaknesses that must be reached consecutively for an exploitable vulnerability to arise. A composite, by contrast, is a collection of weaknesses that must all exist simultaneously to result in an exploitable vulnerability.