View: Research Concepts
Draft
Type: Graph
Objective
This view is intended to facilitate research into weaknesses, including their inter-dependencies, and can be leveraged to systematically identify theoretical gaps within CWE. It is mainly organized according to abstractions of behaviors instead of how they can be detected, where they appear in code, or when they are introduced in the development life cycle. By design, this view is expected to include every weakness within CWE.
Audience
| Type | Description |
|---|---|
| Academic Researchers | Academic researchers can use the high-level classes that lack a significant number of children to identify potential areas for future research. |
| Vulnerability Analysts | Those who perform vulnerability discovery/analysis use this view to identify related weaknesses that might be leveraged by following relationships between higher-level classes and bases. |
| Assessment Tool Vendors | Assessment vendors often use this view to help identify additional weaknesses that a tool may be able to detect as the relationships are more aligned with a tool's technical capabilities. |
Relationships
Research Concepts- (CWE-1000)
Improper Access Control- (CWE-284)
Incorrect Calculation- (CWE-682)
Insufficient Control Flow Management- (CWE-691)
Protection Mechanism Failure- (CWE-693)
Incorrect Comparison- (CWE-697)
Improper Neutralization- (CWE-707)
Improper Adherence to Coding Standards- (CWE-710)
Mapping Notes
Usage: Prohibited
Reasons: View
Rationale:
This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.
Comment:
Use this View or other Views to search and navigate for the appropriate weakness.