Enumeration of Technical Impacts
Each weakness, if successfully exploited, can lead to one or more potential Technical Impacts:
Note that some of these items are abstractions of the technical impact enumeration used in CWE 2.0, which includes values such as Modify memory, Read application data, memory consumption, etc. Such values are overly specific with limited flexibility, which was addressed by using layers.
Within CWRAF and CWSS, the successful exploitation of a weakness could have varying impacts at four different "layers":
The user then evaluates all possible combinations of Technical Impact and Impact Layer (32 possibilities as of CWSS 0.8) and captures the analysis within the Technical Impact Scorecard, which contains the following information:
More information is available — Please select a different filter.