CWE-800: Analysis of 2010 CWE/SANS Top 25 Programming Errors

The entries found in this graph pertain to the 2010 CWE/SANS Top 25 Programming Errors. It is important to note that this view is no longer considered up-to-date, as a more recent version of the Top 25 is now accessible.

The graph depicted below illustrates the interconnected relationships between weaknesses that exist at different levels of abstraction. At the highest level, there are categories and pillars which serve to group weaknesses together. Categories, although not technically weaknesses themselves, act as specialized CWE entries that facilitate the grouping of weaknesses with common characteristics. Meanwhile, pillars represent weaknesses described in a more abstract manner. Beneath these top-level entries, there exist weaknesses at various levels of abstraction. Classes, being highly abstract, are typically not dependent on any specific programming language or technology. On the other hand, base level weaknesses provide a more specific categorization of weaknesses. Variants, in contrast, describe weaknesses with a high level of detail, usually specific to a particular programming language or technology. A chain denotes a sequence of weaknesses that must be exploitable consecutively in order to produce a vulnerability. Conversely, a composite refers to a set of weaknesses that must all be present simultaneously to create an exploitable vulnerability.