CWE - CWE Usage Scenarios

Home > Community > Research > CWE Usage Scenarios

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents
FAQs

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS
CWRAF
T-Shirt

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Coverage Claims Representation
Declarations
Make a Declaration

Contact Us
Search the Site

Section Contents
Community
Related Activities
Discussion List
CWE Research
Discussion List Archives
Working Documents
CWSS

CWE Usage Scenarios
CWE Usage Scenarios

CWE Usage Scenarios | Stakeholder Analysis | Views

Usage Modes

Browse: navigate or browse through the CWE, following related nodes or finding knowledge gaps
Search: search for specific CWE IDs
Lookup: look up a particular CWE whose ID is known
Inspect: Learn additional details about a particular CWE

Usage Scenarios

Mapping	The user has a specific weakness/attack/vulnerability in mind and needs to find the CWE identifier for it.
	Modes: Browse, Search
	Considerations: abstraction differences may be a factor during mapping. Need to match expectations of the mapper and support alternate terminology.
Compare	The user needs to compare multiple tools or repositories in terms of their coverage and focus. Or, the user wants to compare multiple applications in terms of their "weakness density."
	Modes: Lookup, Inspect, Search
Learn More	The user needs to learn more about a specific issue.
	Modes: Lookup, Inspect, Search, Browse
Find Gaps	The user wants to learn about new CWEs that might not be covered (by the user's knowledge, a tool, etc.)
	Modes: Browse, Search
Find Related	The user is working from a specific CWE and wants to learn about related CWEs.
	Modes: Browse, Search
Prioritize	The user needs to find the highest-priority entries, for some definition of "priority".
	Modes: Search, Lookup, Inspect
Announce a Vulnerability	The user wants to publicly announce a vulnerability and use a CWE ID in the announcement.
	Modes: Browse, Search
	Considerations: abstraction differences may be a factor during mapping. Need to match expectations of the user and support alternate terminology.

Document version: 0.1 Date: September 12, 2007

This is a draft document. It is intended to support maintenance of CWE, and to educate and solicit feedback from a specific technical audience. This document does not reflect any official position of the MITRE Corporation or its sponsors. Copyright © 2007, The MITRE Corporation. All rights reserved. Permission is granted to redistribute this document if this paragraph is not removed. This document is subject to change without notice.

Page Last Updated: September 05, 2008


	CWE is a Software Assurance strategic initiative co-sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2012, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us