Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities

New to CWE? click here!
CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > Documents > CVE → CWE "Root Cause Mapping" Quick Tips  

CVE CWE "Root Cause Mapping" Quick Tips

Before You Start

  1. Review the CWE mapping examples
  2. Try to frame your perspective of the vulnerability to its underlying weakness
  3. Become familiar with key terms in CWE's glossary so that you can be sure you are interpreting CWE names correctly
  4. Familiarize yourself with key views (CWE-699, CWE-1194, CWE-1400,and CWE-1000), and determine which ones seem to match your needs the best
  5. Become familiar with the top-level CWEs in your preferred view

When You Are Ready

  1. The keyword search on the CWE website can help you quickly find potential entries, regardless of their level of abstraction
  2. CWEs at the Base and Variant level should be used for vulnerability root cause mapping whenever possible. Class level CWEs may be used for root cause mapping if there is no accurate Base or Variant level CWE. Check under the CWE’s title for its Abstraction and a link to its Mapping Notes
  3. Verify your mapping with a team member with different skills and experience
  4. If you find an entry similar but not quite what you are looking for, then examine its relationships with other CWEs
Page Last Updated: March 22, 2024