|
|||||||||||||||||||
Enumeration of Technical ImpactsEach weakness, if successfully exploited, can lead to one or more potential Technical Impacts:
Note that some of these items are abstractions of the technical impact enumeration used in CWE 2.0, which includes values such as Modify memory, Read application data, memory consumption, etc. Such values are overly specific with limited flexibility, which was addressed by using layers. Within CWRAF and CWSS, the successful exploitation of a weakness could have varying impacts at four different "layers":
The user then evaluates all possible combinations of Technical Impact and Impact Layer (32 possibilities as of CWSS 0.8) and captures the analysis within the Technical Impact Scorecard, which contains the following information:
More information is available — Please select a different filter. |
Use of the Common Weakness Enumeration (CWE) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006-2021, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. |