CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities

New to CWE? click here!
CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > Community > Research > CWE Usage Scenarios  
ID

CWE Usage Scenarios
CWE Usage Scenarios

Usage Modes

  • Browse: navigate or browse through the CWE, following related nodes or finding knowledge gaps
  • Search: search for specific CWE IDs
  • Lookup: look up a particular CWE whose ID is known
  • Inspect: Learn additional details about a particular CWE

Usage Scenarios

Mapping The user has a specific weakness/attack/vulnerability in mind and needs to find the CWE identifier for it.
Modes: Browse, Search
Considerations: abstraction differences may be a factor during mapping. Need to match expectations of the mapper and support alternate terminology.
Compare The user needs to compare multiple tools or repositories in terms of their coverage and focus. Or, the user wants to compare multiple applications in terms of their "weakness density."
Modes: Lookup, Inspect, Search
Learn More The user needs to learn more about a specific issue.
Modes: Lookup, Inspect, Search, Browse
Find Gaps The user wants to learn about new CWEs that might not be covered (by the user's knowledge, a tool, etc.)
Modes: Browse, Search
Find Related The user is working from a specific CWE and wants to learn about related CWEs.
Modes: Browse, Search
Prioritize The user needs to find the highest-priority entries, for some definition of "priority".
Modes: Search, Lookup, Inspect
Announce a Vulnerability The user wants to publicly announce a vulnerability and use a CWE ID in the announcement.
Modes: Browse, Search
Considerations: abstraction differences may be a factor during mapping. Need to match expectations of the user and support alternate terminology.

Document version: 0.1    Date: September 12, 2007

This is a draft document. It is intended to support maintenance of CWE, and to educate and solicit feedback from a specific technical audience. This document does not reflect any official position of the MITRE Corporation or its sponsors. Copyright © 2007, The MITRE Corporation. All rights reserved. Permission is granted to redistribute this document if this paragraph is not removed. This document is subject to change without notice.

Page Last Updated: January 17, 2017