Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities


Discussion of Issues in CWE Draft 6

The following is a summary of the main overall issues in CWE Draft 6.

  • Some "weakness" nodes are not about weaknesses. The most noticeable are nodes that are focused on attacks (e.g. HTTP Response Splitting, Man-in-the-Middle). CWE also has grouping nodes such as "Authentication Issues" that might be useful for navigation but are not weaknesses themselves.
  • Abstraction Challenges. Some nodes might be broken down into sub-nodes in ways that don't make sense to some users. Others might be regarded as too high-level. Some nodes might be too low-level.
  • Different Perspectives. CWE nodes can be organized and described along different perspectives, which might not be suitable for some users.
  • Usability. There are different types of users of CWE, but its current layout and navigation are relatively limited.
  • Incomplete Entries. There are numerous fields available for CWE nodes, but many entries do not have as much detailed information as they could, including the description and relationships.
  • Vague Names or Descriptions. Some entries have names or descriptions that do not clearly describe the issue.

Document version: 0.1    Date: September 13, 2007

This is a draft document. It is intended to support maintenance of CWE, and to educate and solicit feedback from a specific technical audience. This document does not reflect any official position of the MITRE Corporation or its sponsors. Copyright © 2007, The MITRE Corporation. All rights reserved. Permission is granted to redistribute this document if this paragraph is not removed. This document is subject to change without notice.

Page Last Updated: January 12, 2017