Explore the hierarchical relationships in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors graph. Understand the categorization from abstract pillars to base level weaknesses.
This view (graph) lists the CWE entries that make up the 2011 CWE/SANS Top 25 Most Dangerous Software Errors.
The graph shows the hierarchical relationships between weaknesses at different levels of abstraction. At the highest level, weaknesses are grouped into categories and pillars. Categories are special CWE entries that group weaknesses sharing a common characteristic; they are not weaknesses themselves. Pillars are weaknesses described in the most abstract manner. Below these top-level entries, weaknesses are organized at several levels of abstraction. Classes are still highly abstract and remain independent of any specific language or technology. Base-level weaknesses describe a more specific and detailed type of weakness. Variants give a very detailed description of a weakness, often limited to a specific language or technology.

A chain is a sequence of weaknesses that must be exploitable consecutively in order to produce a vulnerability. A composite is a combination of weaknesses that must all be present simultaneously to result in an exploitable vulnerability.