
Stakeholder Field Priorities

This report lists the active CWE fields and attempts to characterize their relative importance to various stakeholders. Because there are many different uses for CWE, this report will help the CWE Content Team to prioritize content management activities.

Identified Stakeholders
| Type | Tier | Description |
|---|---|---|
| Devel | 2 | Developers, designers, architects, and vendors of software, whether it is commercial or open source, customized or widely available. Could also be Assessment Customers. Note: this group includes the internal development team, any contracted third-party developers, and the marketing/support teams who act as the interface to customers. |
| Scan Vend | 1 | Assessment Vendors - Developers of code scanners, services, and other types of assessment technologies. |
| Educ | 2 | Educators or certification programs that teach developers how to develop more secure code, and/or how to find vulnerabilities. |
| IEC | 2 | ISO/IEC Project 22.24772, which is developing "Guidance for Avoiding Vulnerabilities through Language Selection and Use" |
| SAMATE | 1 | The Software Assurance Metrics and Tool Evaluation (SAMATE) project |
| Formal | 2 | The CWE Formalization project, led by KDM Analytics. |
| CWE | 1 | The CWE content team itself, both for maintenance and longer-term goals. |
| Cust | 2 | Customers who buy software. |

Stakeholder Field Priorities
Key

| Symbol | Meaning |
|---|---|
| Req | The field is essential for the stakeholder (rating: 20 for Tier 1, 10 for Tier 2) |
| Imp | The field is important for the stakeholder (rating: 10 for Tier 1, 5 for Tier 2) |
| Nice | The field is convenient for the stakeholder, but its absence will not hamper operations (rating: 2 for Tier 1, 1 for Tier 2) |
| - | Not needed by the stakeholder (rating: 0) |

| Field | Score | Devel | Scan Vend | Educ | IEC | SAMATE | Formal | CWE | Cust |
|---|---|---|---|---|---|---|---|---|---|
| Name | 110 | Req | Req | Req | Req | Req | Req | Req | Req |
| Description | 110 | Req | Req | Req | Req | Req | Req | Req | Req |
| White_Box_Definition | 62 | Nice | Req | Nice | - | Req | Req | Imp | - |
| Node_Relationship | 62 | Req | Imp | Req | Nice | Imp | Nice | Req | - |
| Data: Chains and Composites | 58 | Nice | Imp | Nice | Imp | Req | Nice | Req | - |
| Status | 58 | Nice | Req | Imp | Nice | Imp | Nice | Req | - |
| Weakness Abstraction | 52 | Nice | Imp | Nice | - | Req | Imp | Imp | Imp |
| Time_of_Introduction | 46 | Imp | Imp | Nice | Imp | Imp | Imp | Imp | - |
| Data: Natural Hierarchy View | 44 | Imp | Imp | Imp | Nice | Nice | Nice | Req | - |
| Applicable_Platforms | 44 | Req | Imp | Imp | Req | Nice | - | Nice | Imp |
| Related_Attack_Patterns | 41 | Req | Imp | Imp | Nice | - | - | Imp | Imp |
| Detection_Factor | 37 | Nice | Imp | - | - | Req | Imp | - | Nice |
| Observed_Examples | 34 | Imp | Imp | Imp | Nice | Nice | Nice | Imp | - |
| Causal_Nature | 34 | Imp | Imp | Nice | Nice | Imp | Imp | Nice | - |
| Demonstrative_Example | 34 | Imp | Imp | Imp | Nice | Nice | Nice | Imp | - |
| Likelihood_of_Exploit | 33 | Imp | Imp | Imp | Nice | Nice | - | - | Req |
| Common_Consequences | 32 | Req | Nice | Req | - | - | - | - | Req |
| Enabling_Factors_for_Exploitation | 28 | Imp | Imp | Nice | Nice | Imp | Nice | - | - |
| Potential_Mitigations | 28 | Req | Nice | Req | Nice | Nice | Nice | Nice | - |
| Alternate_Terms | 27 | Imp | Imp | Nice | - | - | - | Imp | Nice |
| Context_Notes | 26 | Nice | Nice | Nice | - | Nice | - | Req | - |
| Source_Taxonomy | 25 | - | Nice | Nice | - | Nice | - | Req | - |
| Taxonomy_Mapping | 25 | Nice | Imp | Nice | - | Nice | - | Imp | Nice |
| Weakness_Ordinality | 25 | Nice | Nice | Nice | - | Imp | Nice | Imp | - |
| Research_Gaps | 21 | - | Nice | Nice | - | Nice | Imp | Imp | Nice |
| Relevant_Properties | 20 | Nice | - | Imp | Nice | Nice | Nice | Imp | - |
| References | 20 | Imp | - | Imp | - | - | - | Imp | - |
| Functional_Area | 19 | Imp | Nice | Imp | Imp | - | - | Nice | - |
| Affected_Resource | 16 | Req | Nice | Nice | Nice | - | Nice | - | Nice |
| Black_Box_Definition | 12 | Imp | Nice | Nice | - | Nice | - | Nice | - |

Page Last Updated: April 09, 2008