CWE - CWE-699 - Software Development (4.15)


Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities


CWE VIEW: Software Development


View ID: 699
Vulnerability Mapping: PROHIBITED
Type: Graph



Objective
This view organizes weaknesses around concepts that are frequently used or encountered in software development. This
includes all aspects of the software development lifecycle including both architecture and implementation. Accordingly, this
view can align closely with the perspectives of architects, developers, educators, and assessment vendors. It provides a variety
of categories that are intended to simplify navigation, browsing, and mapping.
Audience

Stakeholder: Description

Software Developers: Software developers (including architects, designers, coders, and testers) use this view to better
understand potential mistakes that can be made in specific areas of their software application. The
use of concepts that developers are familiar with makes it easier to navigate this view, and filtering
by Modes of Introduction can enable focus on a specific phase of the development lifecycle.

Educators: Educators use this view to teach future developers about the types of mistakes that are commonly
made within specific parts of a codebase.

Relationships
The following graph shows the tree-like relationships between weaknesses that exist at different levels of abstraction. At the
highest level, categories and pillars exist to group weaknesses. Categories (which are not technically weaknesses) are
special CWE entries used to group weaknesses that share a common characteristic. Pillars are weaknesses that are
described in the most abstract fashion. Below these top-level entries are weaknesses at varying levels of abstraction.
Classes are still very abstract, typically independent of any specific language or technology. Base level weaknesses are used
to present a more specific type of weakness. A variant is a weakness that is described at a very low level of detail, typically
limited to a specific language or technology. A chain is a set of weaknesses that must be reachable consecutively in order to
produce an exploitable vulnerability. A composite is a set of weaknesses that must all be present simultaneously in
order to produce an exploitable vulnerability.

699 - Software Development


— API / Function Errors - (1228)
— Audit / Logging Errors - (1210)
— Authentication Errors - (1211)
— Authorization Errors - (1212)
— Bad Coding Practices - (1006)
— Behavioral Problems - (438)
— Business Logic Errors - (840)
— Communication Channel Errors - (417)
— Complexity Issues - (1226)
— Concurrency Issues - (557)
— Credentials Management Errors - (255)
— Cryptographic Issues - (310)
— Key Management Errors - (320)
— Data Integrity Issues - (1214)
— Data Processing Errors - (19)
— Data Neutralization Issues - (137)
— Documentation Issues - (1225)
— File Handling Issues - (1219)
— Encapsulation Issues - (1227)
— Error Conditions, Return Values, Status Codes - (389)
— Expression Issues - (569)
— Handler Errors - (429)
— Information Management Errors - (199)
— Initialization and Cleanup Errors - (452)
— Data Validation Issues - (1215)
— Lockout Mechanism Errors - (1216)
— Memory Buffer Errors - (1218)
— Numeric Errors - (189)
— Permission Issues - (275)
— Pointer Issues - (465)
— Privilege Issues - (265)
— Random Number Issues - (1213)
— Resource Locking Problems - (411)
— Resource Management Errors - (399)
— Signal Errors - (387)
— State Issues - (371)
— String Errors - (133)
— Type Errors - (136)
— User Interface Security Issues - (355)
— User Session Errors - (1217)

Vulnerability Mapping Notes

Usage: PROHIBITED (this CWE ID must not be used to map to real-world vulnerabilities)

Reason: View

Rationale: This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.

Comments: Use this View or other Views to search and navigate for the appropriate weakness.

Notes
Other
The top level categories in this view represent commonly understood areas/terms within software development, and
are meant to aid the user in identifying potential related weaknesses. It is possible for the same weakness to exist
within multiple different categories.
Other
This view attempts to present weaknesses in a simple and intuitive way. As such it targets a single level of
abstraction. It is important to realize that not every CWE will be represented in this view. High-level class weaknesses
and low-level variant weaknesses are mostly ignored. However, by exploring the weaknesses that are included, and
following the defined relationships, one can find these higher and lower level weaknesses.
View Metrics
             CWEs in this view          Total CWEs
Weaknesses   399                 out of 939
Categories   40                  out of 374
Views        0                   out of 50
Total        439                 out of 1363

Content History

Submissions
Submission Date Submitter Organization
2008-09-09 CWE Content Team MITRE
(CWE 1.0, 2008-09-09)