CWE-809: Understanding Relationship Hierarchies of CWE

Explore the hierarchical relationships between weaknesses at different levels of abstraction within CWE-809, showcasing categories, pillars, classes, variants, chains, and composites.

Objective

The nodes in this graphical representation are linked with the OWASP Top Ten published in 2010. This view is outdated, as a more recent edition of the OWASP Top Ten exists.

Relationships

The graph illustrates the hierarchical relationships between weaknesses at different levels of abstraction. At the highest level, categories and pillars serve to group weaknesses. Categories are not weaknesses themselves; they are special CWE entries used to cluster weaknesses that share a common characteristic. Pillars are weaknesses described in the most abstract fashion.

Below these top-level entries are weaknesses at varying levels of abstraction. Classes are still quite abstract and are typically not specific to a particular language or technology. Base-level weaknesses describe a more specific type of weakness. Variants are weaknesses described in great detail and are usually limited to a specific language or technology.

Chains are a series of weaknesses that must be reachable consecutively to exploit a vulnerability. Composites, by contrast, are a group of weaknesses that must all be present simultaneously to exploit a vulnerability.
