Common Weakness Enumeration

Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors

This paper aims to help developers and security practitioners understand common types of coding errors that lead to vulnerabilities. By organizing these errors into a simple taxonomy, it is possible to teach developers to recognize categories of problems that lead to vulnerabilities and identify existing errors as they build software. - Katrina Tsipenyuk, Brian Chess, Gary McGraw, NIST Workshop on Software Security Assurance Tools, Techniques, and Metrics, Long Beach, CA, November 2005.

PDF of Paper (73 KB)
PDF of Taxonomy's Graphical Tree (40 KB)
PDF of Taxonomy's Mapping to CWE (64 KB)

The CLASP Application Security Process

CLASP (Comprehensive, Lightweight Application Security Process) provides a well-organized and structured approach for moving security concerns into the early stages of the software development lifecycle, whenever possible. - John Viega, Secure Software, Inc., 2005.

PDF of Paper (from here)
PDF of Taxonomy's Graphical Tree (44 KB)
PDF of Taxonomy's Mapping to CWE (72 KB)

The Preliminary List of Vulnerability Examples for Researchers (PLOVER)

As part of MITRE's participation in the NIST workshops supporting the Software Assurance Metrics and Tool Evaluation (SAMATE) project, work that began many years earlier, drawing on MITRE's experience assigning CVE names to publicly known vulnerabilities, was pulled together and presented as input to the Common Weakness Enumeration initiative. In addition to an informal taxonomy, PLOVER includes concepts for a general "vulnerability theory," identification of research gaps, discussion of terminology, and a mapping from PLOVER categories to 1500 CVE names, including an index of hard-to-classify examples. - Steve Christey, NIST Workshop Defining the State of the Art of Software Security Tools, Gaithersburg, MD, August 2005.

PDF of Paper (358 KB)
TEXT of Paper (345 KB)
PDF of Taxonomy's Graphical Tree (103 KB)

The Ten Most Critical Web Application Security Vulnerabilities

The Open Web Application Security Project (OWASP) is dedicated to helping organizations understand and improve the security of their web applications and web services. This list was created to focus corporations and government agencies on the most serious of these vulnerabilities. It represents the combined wisdom of OWASP experts, whose experience includes many years of application security work for governments, financial services, pharmaceuticals and manufacturing, as well as developing tools and technology. - The Open Web Application Security Project (OWASP), January 2004.

PDF of Paper (from here)
PDF of Taxonomy's Graphical Tree (20 KB)

The Web Security Threat Classification

The Web Security Threat Classification is a cooperative effort to clarify and organize the threats to the security of a web site. The members of the Web Application Security Consortium created this project to develop and promote industry-standard terminology for describing these issues. Application developers, security professionals, software vendors, and compliance auditors gain access to a consistent language for web security related issues. - Web Application Security Consortium, November 2005.

PDF of Paper (from here)
PDF of Taxonomy's Graphical Tree (40 KB)

19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them

This book, written for software developers regardless of platform, language, or type of application, outlines the "19 deadly sins" of software security and shows how to fix each one. - Michael Howard, David LeBlanc, John Viega, McGraw-Hill Osborne Media, ISBN: 0-07-226085-8, July 2005.

PDF of Taxonomy's Graphical Tree (12 KB)

A Software Flaw Taxonomy: Aiming Tools at Security

In this paper, the authors coalesce previous efforts to categorize security problems, together with incident reports, into a security flaw taxonomy. They correlate this taxonomy with available information about current high-priority security threats and make observations regarding the results. The authors also suggest that this taxonomy is suitable for tool developers and outline possible areas of future research. - Sam Weber, Paul A. Karger, Amit Paradkar, IBM Research Division, Software Engineering for Secure Systems - Building Trustworthy Applications (SESS'05), St. Louis, Missouri, June 2005.

PDF of Paper (128 KB)
PDF of Taxonomy's Graphical Tree (20 KB)

A Taxonomy of Security Faults in the UNIX Operating System

This thesis defines a classification of security faults in the Unix operating system, describes the criteria used to categorize the faults, and presents the different fault types. - Taimur Aslam, Purdue University, August 1995.

PDF of Paper (556 KB)
PDF of Taxonomy's Graphical Tree (12 KB)

A Taxonomy of UNIX System and Network Vulnerabilities

This paper builds on prior work to present another taxonomy, and argues that this classification scheme highlights characteristics of the vulnerabilities it classifies in a more useful way than other work. The unique contribution of this work is an analysis of how to use the Protection Analysis work to improve the security of existing systems, and how to write programs with minimal exploitable security flaws. - Matt Bishop, Department of Computer Science, University of California at Davis, CSE-95-10, May 1995.

PDF of Paper (100 KB)
PDF of Taxonomy's Graphical Tree (16 KB)

A Taxonomy of Computer Program Security Flaws, with Examples

This paper provides a taxonomy for computer program security flaws together with an appendix that carefully documents 50 actual security flaws. These flaws have all been described previously in the open literature, but in widely separated places. For those new to the field of computer security, they provide a good introduction to the characteristics of security flaws and how they can arise. - Carl E. Landwehr, Alan R. Bull, John P. McDermott, William S. Choi, Center for High Assurance Computer Systems, Information Technology Division, NRL/FR/5542--93-9591, November 1993.

PDF of Paper (220 KB)
PDF of Taxonomy's Graphical Tree (52 KB)

Protection Analysis: Final Report

The Protection Analysis project was initiated at ISI by ARPA IPTO to further understand operating system security vulnerabilities and, where possible, identify automatable techniques for detecting such vulnerabilities in existing system software. - Richard Bisbey and Dennis Hollingworth, Information Sciences Institute, University of Southern California, ARPA ORDER NO. 2223, ISI/SR-78-13, May 1978.

PDF of Paper (3.2 MB)
PDF of Taxonomy's Graphical Tree (12 KB)

The RISOS Project: Security Analysis and Enhancements of Computer Operating Systems

The protection of computer resources, data of value, and individual privacy has motivated a concern for the security of EDP installations, especially of their operating systems. In this report, three commercial operating systems are analyzed and security enhancements suggested. Because of the similarity of operating systems and their security problems, specific security flaws are formally classified according to a taxonomy developed here. This classification leads to a clearer understanding of security flaws and aids in analyzing new systems. - Robert P. Abbott, Janet S. Chin, James E. Donnelley, William L. Konigsford, Shigeru Tokubo, and Douglas A. Webb, Lawrence Livermore Laboratory TR NBSIR-76-1041, April 1976.

PDF of Paper (4 MB)
PDF of Taxonomy's Graphical Tree (12 KB)

  • Institute for Defense Analyses (IDA), "State-of-the-Art Resources (SOAR) for Software Vulnerability Detection, Test, and Evaluation," Currently Unpublished, 2014.
  • Nikolai Mansourov, "DoD Software Fault Patterns," KDM Analytics, 2011.
    PDF of Paper (from here)
  • Wang, C., Wang, H., "Taxonomy of Security Considerations and Software Quality," Communications of the ACM, Vol. 46, No. 6, June 2003.
  • Householder, A. D., Seacord, R. C., "A Structured Approach to Classifying Security Vulnerabilities," CMU/SEI-2005-TN-003, January 2005.
  • Leek, T., Lippmann, R., Zitser, M., "Testing Static Analysis Tools Using Exploitable Buffer Overflows From Open Source Code," Foundations of Software Engineering, Newport Beach, CA, December 2005.
  • Newsham, Tim, "Format String Attacks," Guardent, September 2000.
    PDF of Paper (from here)
Page Last Updated: July 31, 2014