CWE-668 Individual Dictionary Definition (Draft 9)
| Weakness ID: 668 (Weakness Class) | Status: Draft |
| Description | Summary: The product exposes a resource to the wrong sphere, in ways that are not related to incorrectly specified permissions. |
| Context Notes | A "control sphere" is a set of resources and behaviors that are accessible to a single actor, or a group of actors. A product's security model will typically define multiple spheres, possibly implicitly. For example, a server might define one sphere for "administrators" who can create new user accounts with subdirectories under /home/server/, and a second sphere might cover the set of users who can create or delete files within their own subdirectories. A third sphere might be "users who are authenticated to the operating system on which the product is installed." Each sphere has different sets of actors and allowable behaviors. |
| Relationships | |