Schema Documentation - Schema Version 4.5Document version: 4.5 Date: 2013-02-21 This is a draft document. It is intended to support maintenance of CWE, and to educate and solicit feedback from a specific technical audience. This document does not reflect any official position of the MITRE Corporation or its sponsors. Copyright © 2013, The MITRE Corporation. All rights reserved. Permission is granted to redistribute this document if this paragraph is not removed. This document is subject to change without notice. Author: CWE Team Table of Selected Content Table of Selected Content Affected ResourceSchema path: Common Attributes > Affected Resources > Affected Resource This element identifies system resources affected by this entry. Each resource affected by this weakness should be given its own Affected_Resource element. For example, CWE-249, Path Manipulation has both Memory and File/Directory listed in separate Affected_Resource elements. This should be filled out in weakness bases and variants where applicable. Affected ResourcesSchema path: Common Attributes > Affected Resources This element identifies system resources affected by this entry. It is populated by Affected_Resource elements. Alternate TermSchema path: Alternate Terms > Alternate Term This element contains alternate terms by which this weakness may be known and a description to explain the context in which the term may be relevant. For example, CWE-181 Incorrect Behavior Order: Validate Before Filter, has the alternate terms value "Validate-before-cleanse". This is not required for all entries and should only be included where appropriate. Alternate Term DescriptionSchema path: Alternate Terms > Alternate Term > Alternate Term Description This element provides context to each Alternate_Term by which this weakness may be known. Alternate TermsSchema path: Alternate Terms This element contains one or more Alternate_Term elements, each of which contains other names used to describe this weakness. Applicable LanguagesSchema path: Mitigation > Applicable Languages This structure contains one or more Language elements which each represent a language in which this mitigation may exist. Applicable PlatformsSchema path: Common Attributes > Applicable Platforms This structure contains the Languages, Operatingy_Systems, Hardware_Architectures, Architectural_Paradigms, Environments, Technology_Classes or Common Platforms on which this entry may exist. This should be filled out as much as possible for all Compound_Element and Weakness entries. Architectural ParadigmSchema path: Common Attributes > Applicable Platforms > Architectural Paradigms > Architectural Paradigm This element identifies a single Architectural_Paradigm in which this entry may exist and with what frequency in the specified paradigm. Architectural Paradigm NameSchema path: Common Attributes > Applicable Platforms > Architectural Paradigms > Architectural Paradigm > Architectural Paradigm Name This subelement identifies paradigms in which this weakness is likely to exist. Architectural ParadigmsSchema path: Common Attributes > Applicable Platforms > Architectural Paradigms This element contains one or more Architectural_Paradigm subelements which each represent an architecture on which this weakness is likely to exist. AudienceSchema path: View Attributes > View Audience > Audience The Audience element provides a reference to the target audience or group for this view. Background DetailSchema path: Common Attributes > Background Details > Background Detail This element contains background information regarding the entry or any technologies that are related to it, where the background information is not related to the nature of the weakness itself. It should be filled out where appropriate. Background DetailsSchema path: Common Attributes > Background Details This structure contains one or more Background_Detail elements, each of which holds information regarding the entry or any technologies that are related to it, where the background information is not related to the nature of the entry itself. It should be filled out where appropriate. Black Box DefinitionSchema path: Common Attributes > Black Box Definitions > Black Box Definition This element contains elements describes the weakness from an external perspective, meaning that the view includes no knowledge of how the software is processing data other than what can be inferred from observing the software's behavior. Black Box DefinitionsSchema path: Common Attributes > Black Box Definitions This structure contains one or more Black_Box_Definition elements, each of which describes the weakness from an external perspective, meaning that the view includes no knowledge of how the software is processing data other than what can be inferred from observing the software's behavior. BlockSchema path: Block Block is a Structured_Text element consisting of one of Text_Title, Text, Code_Example_Language, or Code followed by another Block element. Structured_Text elements help define whitespace and text segments. Block NatureSchema path: Block > Block Nature This attribute identifies the nature of the content contained within the Block. CAPEC IDSchema path: Common Attributes > Related Attack Patterns > Related Attack Pattern > CAPEC ID The CAPEC_ID stores the value for the related CAPEC entry identifier as a string. Only one CAPEC_ID element can exist for each Related_Attack_Pattern element. CAPEC VersionSchema path: Common Attributes > Related Attack Patterns > Related Attack Pattern > CAPEC Version This attribute identifies which version of CAPEC is being referenced. CPE IDSchema path: Common Attributes > Applicable Platforms > Common Platform References > Common Platform Reference > CPE ID The CPE_ID stores the value for the related CPE entry identifier as a string. Only one CPE_ID element can exist for each Common_Platform element. Catalog DateSchema path: Weakness Catalog > Catalog Date Catalog_Date is an optional attribute of Weakness_Catalog which identifies the date when this catalog was created or last updated. Catalog NameSchema path: Weakness Catalog > Catalog Name Catalog_Name is a required attribute of Weakness_Catalog which identifies the collection of Weaknesses, Views, Categories and Compound_Elements represented by this XML document. Catalog VersionSchema path: Weakness Catalog > Catalog Version Catalog_Version is a required attribute of Weakness_Catalog which identifies what version of @Catalog_Name this XML document represents. CategoriesSchema path: Weakness Catalog > Categories The Categories structure contains zero or more Category elements. Each Category element represents what used to be referred to in CWE as a "Grouping" entry. That is, a category is now a collection of weaknesses based on a common attribute, such as CWE-310 Cryptographic Issues or CWE-355 User Interface Security Issues. CategorySchema path: Category Each Category element represents what used to be referred to in CWE as a "Grouping" entry. That is, a category is now a collection of weaknesses sharing a common attribute, such as CWE-310 Cryptographic Issues or CWE-355 User Interface Security Issues. The shared attribute may any number of things including, but not limited to, environment (J2EE, .NET), functional area (authentication, cryptography) and the relevant resource (credentials management, certificate issues). Causal NatureSchema path: Common Attributes > Causal Nature This element describes the nature of the underlying cause of the weakness. Is it an implicit underlying weakness or is it an issue of behavior on the part of the software developer? Appropriate values are either Implicit, occurring regardless of developer behavior, or Explicit, an explicit weakness resulting from behavior of the developer. CodeSchema path: Code Presentation Element: This element is used to define a line of code. Code Example LanguageSchema path: Code Example Language Presentation Element: This element is used to identify the programming language being used in the following block of Code CommentSchema path: Comment Presentation Element: This element is used to define a comment in code. Common AttributesSchema path: Common Attributes The Common_Attributes structure is a collection of common elements which might be shared by a Weakness, Category or Compound_Element. Common ConsequenceSchema path: Common Consequence This subelement contains an individual consequence associated with this weakness. One or more are required for every Common_Consequences element and should exist in all weaknesses. Common Consequence IDSchema path: Common Consequence > Common Consequence ID The Common_Consequence_ID stores the value for the related Common_Consequence entry identifier as a string. Only one Common_Consequence_ID element can exist for each Common_Consequence element (ex: CC-1). However, Common_Consequences across CWE with the same ID should only vary in small details. Common ConsequencesSchema path: Common Attributes > Common Consequences This element contains the common consequences associated with this weakness. It is populated by one or more individual Common_Consequence subelements. This should be included and completed as much as possible for all weaknesses. Common Platform ReferenceSchema path: Common Attributes > Applicable Platforms > Common Platform References > Common Platform Reference The Common_Platform subelement identifies a single platform that is associated with this weakness. Its only child, CPE_ID is required and identifies the related CPE entry. More than one Common_Platform_Reference element can exist, but they must all be contained within a single Common_Platform_References element. Common Platform ReferencesSchema path: Common Attributes > Applicable Platforms > Common Platform References The Common_Platforms element contains references to the Common Platform Enumeration, CPE, which will identify common platforms on which this weakness may occur. It has one or more Common_Platform elements as children and each child will point to a single CPE entry which is associated with this weakness. Compound ElementSchema path: Compound Element The Compound_Element structure represents a meaningful aggregation of several weaknesses, as in a chain like CWE-690: CWE-252 Unchecked Return Value can result in CWE-476 NULL Pointer Dereference or as in a composite like CWE-352 Cross-Site Request Forgery. Compound Element AbstractionSchema path: Compound Element > Compound Element Abstraction The Abstraction defines the abstraction level for this weakness. The abstractions levels for Compound_Elements and Weaknesses are the same. For example, if the Compound_Element is a chain, and all elements of the chain are Class level, then the Compound_Element Abstraction attribute is Class. This is required for all Compound_Elements. Compound Element StructureSchema path: Compound Element > Compound Element Structure The Structure attribute defines the structural nature of this compound element - that is, composed of other weaknesses concurrently, as in a composite, or consecutively, as in a chain. Compound ElementsSchema path: Weakness Catalog > Compound Elements The Compound_Elements structure contains zero or more Compound_Element elements. Each Compound_Element represents a meaningful aggregation of several weaknesses, as in a chain like CWE-690: CWE-252 Unchecked Return Value can result in CWE-476 NULL Pointer Dereference or as in a composite like CWE-352 Cross-Site Request Forgery. Consequence NoteSchema path: Common Consequence > Consequence Note This subelement provides additional commentary about this consequence. Consequence ScopeSchema path: Common Consequence > Consequence Scope This subelement identifies an individual consequence that may be associated with this weakness. Possible effects are detailed in Consequence_Effect. Consequence Technical ImpactSchema path: Common Consequence > Consequence Technical Impact This subelement describes the technical impacts that can arise if an attacker attempts to exploit this weakness. Content HistorySchema path: Content History This element is used to keep track of the author of the weakness entry and anyone who has made modifications to the content. This provides a means of contacting the authors and modifiers for clarifying ambiguities, merging overlapping contributions, etc. This should be filled out for all entries. ContributionSchema path: Content History > Contribution This element houses the subelements which identify the contributor and contributor's comments related to this entry. This element has a single attribute, Contribution_Mode, which indicates whether the contribution was part of feedback given to the CWE team or actual content that was donated. Contribution CommentSchema path: Content History > Contribution > Contribution Comment This element provides the author with a place to store any comments regarding the content of this weakness entry, such as assumptions made, reasons for omitting elements, contact information, pending questions, etc. Contribution DateSchema path: Content History > Contribution > Contribution Date This element should provide the date on which this content was authored in YYYY-MM-DD format. Contribution ModeSchema path: Content History > Contribution > Contribution Mode This attribute indicates whether the contribution was part of feedback given to the CWE team or actual content that was donated. Contribution OrganizationSchema path: Content History > Contribution > Contribution Organization This element should identify the author's organization. ContributorSchema path: Content History > Contribution > Contributor This element should contain the name of the author for this entry. Demonstrative ExampleSchema path: Common Attributes > Demonstrative Examples > Demonstrative Example This element illustrates how this weakness may look in actual code. It contains an Intro_Text element describing the context in which this code should be viewed, an Example_Body element which is a mixture of code and explanatory text, and Demonstrative_Example_References that provide additional information. Demonstrative Example IDSchema path: Common Attributes > Demonstrative Examples > Demonstrative Example > Demonstrative Example ID The Demonstrative_Example_ID stores the value for the related Demonstrative_Example entry identifier as a string. Only one Demonstrative_Example_ID element can exist for each Demonstrative_Example element (ex: DX-1). However, Demonstrative_Examples across CWE with the same ID should only vary in small details. Demonstrative Example ReferencesSchema path: Common Attributes > Demonstrative Examples > Demonstrative Example > Demonstrative Example References The Demonstrative_Example_References element contains one or more Reference elements, each of which provide further reading and insight into this demonstrative example. This should be filled out when appropriate. Demonstrative ExamplesSchema path: Common Attributes > Demonstrative Examples This structure contains one or more Demonstrative_Examples, each of which should contain an example illustrating the problem being described in this weakness. DescriptionSchema path: Common Attributes > Description This field provides a description of this Structure, whether it is a Weakness, Category or Compound Element. Its primary subelement is Description_Summary which is intended to serve as a minimalistic description which provides the information necessary to understand the primary focus of this entry. Additionally, it has the subelement Extended_Description which is optional and is used to provide further information pertaining to this weakness. Description SummarySchema path: Common Attributes > Description > Description Summary This description should be short and should limit itself to describing the key points that define this entry. Further explanation can be included in the extended description element. This is required for all entries. Detection MethodSchema path: Common Attributes > Detection Methods > Detection Method The Detection_Method element is intended to provide information on different techniques that can be used to detect a weakness, including their strengths and limitations. This should be filled out for some weakness classes and bases. Detection Method IDSchema path: Common Attributes > Detection Methods > Detection Method > Detection Method ID The Detection_Method_ID stores the value for the related Detection_Method entry identifier as a string. Only one Detection_Method_ID element can exist for each Detection_Method element (ex: DM-1). However, Detection_Methods across CWE with the same ID should only vary in small details. Detection MethodsSchema path: Common Attributes > Detection Methods The Detection_Methods element is comprised of one or more Detection_Method elements which identify methods that may be employed to detect this weakness. Enabling Factor for ExploitationSchema path: Common Attributes > Enabling Factors for Exploitation > Enabling Factor for Exploitation This element identifies a condition or factor that could increase the likelihood of exploit for this weakness. This element should contain structured text with enough detail to make the enabling factor clear. This should be filled out for most weakness bases. Enabling Factors for ExploitationSchema path: Common Attributes > Enabling Factors for Exploitation This element contains one or more Enabling_Factor_for_Exploitation, each of which points out conditions or factors that could increase the likelihood of exploit for this weakness. This should be filled out for most weakness bases. EnvironmentSchema path: Common Attributes > Applicable Platforms > Environments > Environment This element identifies a single Environment in which this entry may exist and with what frequency in the specified environment. Environment NameSchema path: Common Attributes > Applicable Platforms > Environments > Environment > Environment Name This attribute is the name of the Environment we are identifying. EnvironmentsSchema path: Common Attributes > Applicable Platforms > Environments This element contains one or more Environment subelements which each represent an environment in which this weakness may exist. Example BodySchema path: Common Attributes > Demonstrative Examples > Demonstrative Example > Example Body This element consists of a Structured_Text element which should hold the code and some explanatory information for the reader. Extended DescriptionSchema path: Common Attributes > Description > Extended Description This element provides a place for details important to the description of this entry to be included that are not necessary to convey the fundamental concept behind the entry. This is not required for all entries and should only be included where appropriate. Functional AreaSchema path: Common Attributes > Functional Areas > Functional Area This element identifies the functional area of the software in which the weakness is most likely to occur. For example, CWE-178 Failure to Resolve Case Sensitivity is likely to occur in functional areas of software related to file processing and credentials. Each applicable functional area should have a new Functional_Area element and standard title capitalization should be applied to each area. Functional AreasSchema path: Common Attributes > Functional Areas This structure contains one or more Functional_Area elements, each of which identifies the functional area of the software in which the weakness is most likely to occur. For example, CWE-178 Failure to Resolve Case Sensitivity is likely to occur in functional areas of software related to file processing and credentials. Hardware ArchitectureSchema path: Common Attributes > Applicable Platforms > Hardware Architectures > Hardware Architecture This element identifies a single Hardware_Architecture on which this entry may exist and with what frequency on the specified architecture. Hardware Architecture ClassSchema path: Common Attributes > Applicable Platforms > Hardware Architectures > Hardware Architecture Class This element identifies a single class of hardware architectures, specified in Hardware_Architecture_Class_Name, in which this entry may exist. Hardware Architecture Class NameSchema path: Common Attributes > Applicable Platforms > Hardware Architectures > Hardware Architecture Class > Hardware Architecture Class Name This subelement identifies architectures in which this weakness is likely to exist. Hardware Architecture NameSchema path: Common Attributes > Applicable Platforms > Hardware Architectures > Hardware Architecture > Hardware Architecture Name This subelement identifies architectures on which this weakness is likely to exist. Hardware ArchitecturesSchema path: Common Attributes > Applicable Platforms > Hardware Architectures This element contains one or more Hardware_Architecture subelements which each represent an architecture in which this weakness is likely to exist. ID (Category)Schema path: Category > ID This attribute provides a unique identifier for the entry. It will be static for the lifetime of the entry. In the event that this entry becomes deprecated, the ID will not be reused and a pointer will be left in this entry to the replacement. This is required for all Categories. ID (Compound Element)Schema path: Compound Element > ID This attribute provides a unique identifier for the entry. It will be static for the lifetime of the entry. In the event that this entry becomes deprecated, the ID will not be reused and a pointer will be left in this entry to the replacement. This is required for all Compound_Elements. ID (View)Schema path: View > ID The ID attribute provides a unique identifier for the entry. It will be static for the lifetime of the entry. In the event that this entry becomes deprecated, the ID will not be reused and a pointer will be left in this entry to the replacement. This is required for all Views. ID (Weakness)Schema path: Weakness > ID This attribute provides a unique identifier for the entry. It will be static for the lifetime of the entry. In the event that this entry becomes deprecated, the ID will not be reused and a pointer will be left in this entry to the replacement. This is required for all Weaknesses. ImageSchema path: Image Presentation Element: This element is used to define an image. Image LocationSchema path: Image > Image Location This element provides the location of the image file. Image TitleSchema path: Image > Image Title This element provides a title for the image. Intro TextSchema path: Common Attributes > Demonstrative Examples > Demonstrative Example > Intro Text This element describes the context and setting surrounding the example to add clarity for the reader. Introductory PhaseSchema path: Common Attributes > Time of Introduction > Introductory Phase This element identifies the point of time in the software life cycle at which the weakness may be introduced. Possible values are Architecture and Design, Implementation and Operational to name a few. If there are multiple points of time at which the weakness may be introduced, then separate Introductory_Phase elements should be included for each. This element should be populated for all weakness bases and variants. LanguageSchema path: Languages List Type > Language This element represents a programming language in which this entry may occur. The language name is specified in the Language_Name attribute. Language ClassSchema path: Languages List Type > Language Class This element houses the description of a type of language in which this entry is likely to exist and its likely frequency of occurrence in that language. The type may be specified by a common property, such as Languages with Automated Memory Management or Languages which support Format Strings, or it may describe a more general class of language such as All Interpreted Languages or Pseudo Code. Language Class DescriptionSchema path: Languages List Type > Language Class > Language Class Description This element is the description of a type of language in which this entry is likely to exist. The type may be specified by a common property, such as Languages with Automated Memory Management or Languages which support Format Strings, or it may describe a more general class of language such as All Interpreted Languages or Pseudo Code. Language NameSchema path: Languages List Type > Language > Language Name This attribute specifies the name of the programming language in which this entry may occur. LanguagesSchema path: Common Attributes > Applicable Platforms > Languages This structure contains one or more Language elements which each represent a language in which this weakness may exist. Languages List TypeSchema path: Languages List Type The Languages_List_Type contains one or more Language elements, each of which provide further reading and insight into the item. This should be filled out as appropriate. Likelihood of ExploitSchema path: Common Attributes > Likelihood of Exploit This element contains a rough estimate at the likelihood of exploitation of an exposed weakness. Many factors can impact this value which is why it should only be regarded as an approximation. Maintenance NoteSchema path: Maintenance Notes > Maintenance Note This element describes a significant maintenance task within this entry that still need to be addressed, such as clarifying the concepts involved or improving relationships. It should be filled out in any entry that is still undergoing significant review by the CWE team. Maintenance NotesSchema path: Maintenance Notes This element contains one or more Maintenance_Note elements which each contain significant maintenance tasks within this entry that still need to be addressed, such as clarifying the concepts involved or improving relationships. It should be filled out in any entry that is still undergoing significant review by the CWE team. Mapped Node IDSchema path: Common Attributes > Taxonomy Mappings > Taxonomy Mapping > Mapped Node ID This element identifies the ID of the entry to which this weakness is being mapped in taxonomy Taxonomy_Name. Mapped Node NameSchema path: Common Attributes > Taxonomy Mappings > Taxonomy Mapping > Mapped Node Name This element identifies the name of the entry to which this weakness is being mapped in taxonomy Taxonomy_Name. Mapped Taxonomy NameSchema path: Common Attributes > Taxonomy Mappings > Taxonomy Mapping > Mapped Taxonomy Name This attribute identifies the taxonomy to which this weakness has a similar or equivalent entry. Mapping FitSchema path: Common Attributes > Taxonomy Mappings > Taxonomy Mapping > Mapping Fit This element identifies how close to the original taxonomy this node was mapped. Method DescriptionSchema path: Common Attributes > Detection Methods > Detection Method > Method Description The Method_Description element is intended to provide some context of how this Detection_Method can be applied to a specific weakness. This should be filled out for some weakness classes and bases. Method EffectivenessSchema path: Common Attributes > Detection Methods > Detection Method > Method Effectiveness This element summarizes how effective the detection method may be in detecting the associated weakness. This assumes the use of best-of-breed tools, analysts, and methods. There is limited consideration for financial costs, labor, or time. Method Effectiveness NotesSchema path: Common Attributes > Detection Methods > Detection Method > Method Effectiveness Notes The Method_Effectiveness_Notes element is intended to discuss the strengths and shortcomings of this detection method. This should be filled out for some weakness classes and bases. Method NameSchema path: Common Attributes > Detection Methods > Detection Method > Method Name The Method_Name element identifies the particular weakness detection method to be described. This should be filled out for some weakness classes and bases. MitigationSchema path: Mitigation This subelement contains a single method for mitigating this weakness. One or more mitigations must be included inside of a Potential_Mitigations element. Mitigation DescriptionSchema path: Mitigation > Mitigation Description This subelement contains the description of this individual mitigation. Mitigation EffectivenessSchema path: Mitigation > Mitigation Effectiveness This element summarizes how effective the mitigation may be in preventing the weakness. Mitigation Effectiveness NotesSchema path: Mitigation > Mitigation Effectiveness Notes The Mitigation_Effectiveness_Notes element is intended to identify the strengths and shortcomings of this mitigation on a specific weakness. Mitigation IDSchema path: Mitigation > Mitigation ID The Mitigation_ID stores the value for the related Mitigation entry identifier as a string. Only one Mitigation_ID element can exist for each Mitigation element (ex: MIT-1). However, Mitigations across CWE with the same ID should only vary in small details. Mitigation PhaseSchema path: Mitigation > Mitigation Phase The Mitigation_Phase element indicates the development life cycle phase during which this particular mitigation may be applied. Mitigation StrategySchema path: Mitigation > Mitigation Strategy The general strategy for protecting a system to which this mitigation contributes. Mode of IntroductionSchema path: Common Attributes > Modes of Introduction > Mode of Introduction This element identifies the mode by which the weakness may be introduced. If there are multiple ways in which the weakness may be introduced, then separate Mode_of_Introduction elements should be included for each. This element should be populated for all weakness bases and variants. Modes of IntroductionSchema path: Common Attributes > Modes of Introduction This element describes the typical scenarios under which this weakness can be introduced into the software. It should be filled out as needed. ModificationSchema path: Content History > Modification This element houses the subelements which identify the modifier and modifier's comments related to this entry. A new Modification element should exist for each modification of the entry content. This element has a single attribute, Modification_Source, which indicates whether this modification was made by a CWE team member or an external party. Modification CommentSchema path: Content History > Modification > Modification Comment This element provides the modifier with a place to store any comments regarding the content of this weakness entry, such as assumptions made, reasons for omitting elements, contact information, pending questions, etc. Modification DateSchema path: Content History > Modification > Modification Date This element should contain the date of the modifications. Modification ImportanceSchema path: Content History > Modification > Modification Importance This attribute identifies how significant the modification is to the weakness with regard to the meaning and interpretation of the weakness. If a modification has a value of Critical, then the meaning of the entry or how it might be interpreted has changed and requires attention from anyone previously dependent on the weakness. Modification SourceSchema path: Content History > Modification > Modification Source This attribute indicates whether this modification was created by a CWE team member or provided by an external party. ModifierSchema path: Content History > Modification > Modifier This element should contain the name of the person modifying this entry. Modifier OrganizationSchema path: Content History > Modification > Modifier Organization This element should contain the modifier's organization. Name (Category)Schema path: Category > Name The Name is a descriptive name used to give the reader an idea of what the commonality is amongst the children of this category. All words in the name should be capitalized except for articles and prepositions unless they begin or end the name. Subsequent words in a hyphenated chain are also not capitalized. This is required for all Categories. Name (Compound Element)Schema path: Compound Element > Name The Name is a descriptive name used to give the reader an idea of the meaning behind the compound weakness structure. All words in the name should be capitalized except for articles and prepositions unless they begin or end the name. Subsequent words in a hyphenated chain are also not capitalized. This is required for all Compound_Elements. Name (View)Schema path: View > Name The Name is a descriptive attribute used to give the reader an idea of what perspective this view represents. All words in the name should be capitalized except for articles and prepositions unless they begin or end the name. Subsequent words in a hyphenated chain are also not capitalized. This is required for all Views. Name (Weakness)Schema path: Weakness > Name This attribute is the string which identifies the entry. The name should focus on the weakness being described in the entry and should avoid focusing on the attack which exploits the weakness or the consequences of exploiting the weakness. All words in the entry name should be capitalized except for articles and prepositions unless they begin or end the name. Subsequent words in a hyphenated chain are also not capitalized. This is required for all Weaknesses. Name Change DateSchema path: Content History > Previous Entry Names > Previous Entry Name > Name Change Date This lists the date on which this name was changed to something else. Typically, this date will be closely aligned with new releases of CWE. NoteSchema path: Other Notes > Note This element contains any additional notes or comments that cannot be captured using other elements. New elements might be defined in the future to contain this information. It should be filled out where needed. Observed ExampleSchema path: Common Attributes > Observed Examples > Observed Example This element specifies a reference to a specific observed instance of this weakness in the real-world; Typically this will be a CVE reference. Each Observed_Example element represents a single example. This element should be filled out for as many entries as possible. Observed Example DescriptionSchema path: Common Attributes > Observed Examples > Observed Example > Observed Example Description This field should contain a product independent description of the example being cited. The description should present an unambiguous correlation between the example being described and the weakness which it is meant to exemplify. It should also be short and easy to understand. Observed Example LinkSchema path: Common Attributes > Observed Examples > Observed Example > Observed Example Link This field should provide a valid URL where more information regarding this example can be obtained. Observed Example ReferenceSchema path: Common Attributes > Observed Examples > Observed Example > Observed Example Reference This field should contain the identifier for the example being cited. For example, if a CVE is being cited it should be of the standard CVE identifier format, such as CVE-2005-1951 or CVE-1999-0046. Observed ExamplesSchema path: Common Attributes > Observed Examples This structure contains one or more Observed_Example elements, each of which is a reference to a specific observed instance of this weakness in the real world; typically this will be a CVE reference. Operating SystemSchema path: Common Attributes > Applicable Platforms > Operating Systems > Operating System This element identifies a single Operating_System in which this entry may exist and with what frequency on the specified OS. Operating System ClassSchema path: Common Attributes > Applicable Platforms > Operating Systems > Operating System Class This element identifies a single class of operating systems, specified in Operating_System_Class_Description, in which this entry may exist. Suggested values include: Linux, Windows, UNIX, BSD, and Mac OS. Operating System Class DescriptionSchema path: Common Attributes > Applicable Platforms > Operating Systems > Operating System Class > Operating System Class Description This subelement identifies families or groups of operating systems in which this weakness is likely to exist. Operating System NameSchema path: Common Attributes > Applicable Platforms > Operating Systems > Operating System > Operating System Name This subelement identifies operating systems in which this weakness is likely to exist. Operating SystemsSchema path: Common Attributes > Applicable Platforms > Operating Systems This element contains one or more Operating_System subelements which each represent an OS in which this weakness is likely to exist. OrdinalSchema path: Relationship > Relationship Views > Relationship View ID > Ordinal The ordinal attribute is used to determine if this relationship is the primary ChildOf relationship for this weakness entry for a given Relationship_View_ID element.. This attribute can only have the value "Primary" and should only be included for the primary parent/child relationship. OrdinalitySchema path: Common Attributes > Weakness Ordinalities > Weakness Ordinality > Ordinality This element indicates whether this weakness exists independent of other weaknesses, Primary, or whether it is the result of the presence of some other weaknesses, Resultant. Ordinality DescriptionSchema path: Common Attributes > Weakness Ordinalities > Weakness Ordinality > Ordinality Description This element describes context in which this entry is either Primary or Resultant, depending on the corresponding value for Ordinality. Other NotesSchema path: Other Notes This element contains one or more Note elements, each of which provide any additional notes or comments that cannot be captured using other elements. New elements might be defined in the future to contain this information. It should be filled out where needed. Platform NotesSchema path: Common Attributes > Applicable Platforms > Platform Notes This element provides additional information related to the applicable platforms of a weakness if needed. Potential MitigationsSchema path: Common Attributes > Potential Mitigations This element contains the potential mitigations associated with this weakness. It contains one or more mitigation subelements which each represent individual mitigations for this weakness. This should be included and completed to the extent possible for all weakness bases and variants. Prevalence (Architectural Paradigm)Schema path: Common Attributes > Applicable Platforms > Architectural Paradigms > Architectural Paradigm > Prevalence This attribute identifies the prevalence with which this weakness may occur within code that runs on the specified paradigm. Prevalence (Environment)Schema path: Common Attributes > Applicable Platforms > Environments > Environment > Prevalence This attribute identifies the prevalence with which this weakness may occur within code that runs on the specified environment. Prevalence (Hardware Architecture)Schema path: Common Attributes > Applicable Platforms > Hardware Architectures > Hardware Architecture > Prevalence This attribute identifies the prevalence with which this weakness may occur within code that runs on the specified hardware architecture. Prevalence (Hardware Architecture Class)Schema path: Common Attributes > Applicable Platforms > Hardware Architectures > Hardware Architecture Class > Prevalence This attribute identifies the prevalence with which this weakness may occur within code that runs on the specified hardware architecture within the specified hardware architecture class. Prevalence (Language)Schema path: Languages List Type > Language > Prevalence This attribute identifies the prevalence with which this weakness may occur within code that is written in the specified language. Prevalence (Language Class)Schema path: Languages List Type > Language Class > Prevalence This attribute identifies the prevalence with which this weakness may occur within code that is written in languages within the specified language class. Prevalence (Operating System)Schema path: Common Attributes > Applicable Platforms > Operating Systems > Operating System > Prevalence This attribute identifies the prevalence with which this weakness may occur within code that runs on the specified operating system. Prevalence (Operating System Class)Schema path: Common Attributes > Applicable Platforms > Operating Systems > Operating System Class > Prevalence This attribute identifies the prevalence with which this weakness may occur within code that runs on the specified operating system within this operating system class. Prevalence (Technology Class)Schema path: Common Attributes > Applicable Platforms > Technology Classes > Technology Class > Prevalence This attribute identifies the prevalence with which this weakness may occur within code that runs on the specified technology class. Previous Entry NameSchema path: Content History > Previous Entry Names > Previous Entry Name This element identifies a name that was previously used for this entry. Previous Entry NamesSchema path: Content History > Previous Entry Names This structure contains one or more Previous_Entry_Name elements, each of which describes a previous name that was used for this entry. This should be filled out whenever a substantive name change occurs. ReferenceSchema path: Reference List Type > Reference Each Reference subelement should provide a single source from which more information and deeper insight can be obtained, such as a research paper or an excerpt from a publication. Multiple Reference subelements can exist. The sole attribute of this element is the id. The id is optional and translates to a preceding footnote below the context notes if the author of the entry wants to cite a reference. Not all subelements need to be completed, since some are designed for web references and others are designed for book references. The fields Reference_Author and Reference_Title should be filled out for all references if possible. Reference_Section and Reference_Date can be included for either book references or online references. Reference_Edition, Reference_Publication, Reference_Publisher, and Reference_PubDate are intended for book references, however they can be included where appropriate for other types of references. Reference_Link is intended for web references, however it can be included for book references as well if applicable. Reference AuthorSchema path: Reference Author This element identifies an individual author of the material being referenced. It is not required, but may be repeated sequentially in order to identify multiple authors for a single piece of material. Reference DateSchema path: Reference Date This element identifies the date when the reference was included in the entry. This provides the reader with a time line for when the material in the reference, usually the link, was valid. The date should be of the format YYYY-MM-DD. Reference EditionSchema path: Reference Edition This element identifies the edition of the material being referenced in the event that multiple editions of the material exist. This will usually only be useful for book references. Reference IDSchema path: Reference ID The Reference_ID is an optional value for the related Reference entry identifier as a string. Only one Reference_ID element can exist for each Reference element (ex: REF-1). However, References across CWE with the same ID should only vary in small details. Text citing this reference should use the format [REF-1]. Reference LinkSchema path: Reference Link This element should hold the URL for the material being referenced, if one exists. This should always be used for web references, and may optionally be used for book and other publication references. Reference List TypeSchema path: Reference List Type The References_List_Type contains one or more Reference elements, each of which provide further reading and insight into the item. This should be filled out as appropriate. Reference PubDateSchema path: Reference PubDate This field describes the date when the reference was published YYYY. Reference PublicationSchema path: Reference Publication This element identifies the publication source of the reference material, if one exists. Reference PublisherSchema path: Reference Publisher This element identifies the publisher of the reference material, if one exists. Reference SectionSchema path: Reference Section This element is intended to provide a means of identifying the exact location of the material inside of the publication source, such as the relevant pages of a research paper, the appropriate chapters from a book, etc. This is useful for both book references and internet references. Reference TitleSchema path: Reference Title This element identifies the title of the material being referenced. It is not required if the material does not have a title. References (Common Attributes)Schema path: Common Attributes > References The References element contains one or more Reference elements, each of which provide further reading and insight into this weakness. This may include an alternate interpretation of this weakness, a deeper technical breakdown of this weakness such as a research paper, deeper information on mitigations, or background details on this technical area. This should be filled out for all weakness bases and some variants. References (Mitigation)Schema path: Mitigation > References The References element contains one or more Reference elements, each of which provide further reading and insight into this view. This should be filled out when the view is based on sources or projects that are external to the CWE project. References (View Attributes)Schema path: View Attributes > References The References element contains one or more Reference elements, each of which provide further reading and insight into this view. This should be filled out when the view is based on sources or projects that are external to the CWE project. Related Attack PatternSchema path: Common Attributes > Related Attack Patterns > Related Attack Pattern The Related_Attack_Pattern subelement identifies a single attack pattern that is associated with this weakness. Its only child, CAPEC_ID is required and identifies the related CAPEC entry. It also has a required attribute, CAPEC_Version, which identifies which version of CAPEC is being referenced. More than one Related _Attack_Pattern element can exist, but they must all be contained within a single Related_Attack_Patterns element. Related Attack PatternsSchema path: Common Attributes > Related Attack Patterns The Related_Attack_Patterns element contains all references to CAPEC which will identify related attack patterns to this weakness. It has one or more Related_Attack_Pattern elements as children and each child will point to a single CAPEC entry which is associated with this weakness. This should be filled out to the extent possible for most weaknesses. RelationshipSchema path: Relationship Each Relationship identifies an association between this structure, whether it is a Weakness, Category, or Compound_Element and another structure. The relationship also identifies the views under which the relationship is applicable. Relationship Chain IDSchema path: Relationship > Relationship Chains > Relationship Chain ID This element specifies the unique ID of an individual chain element this relationship pertains to. Relationship ChainsSchema path: Relationship > Relationship Chains This element contains a list of the individual Chains this relationship pertains to. Relationship NatureSchema path: Relationship > Relationship Nature The Relationship_Nature element defines the nature of the relationship between this element and the target element, such as ChildOf, HasMember or Requires to name a few. Relationship NoteSchema path: Relationship Notes > Relationship Note This element contains a note regarding the relationships between CWE entries. Relationship NotesSchema path: Relationship Notes This structure houses one or more Relationship_Note elements, which each contain details regarding the relationships between CWE entries. Relationship Target FormSchema path: Relationship > Relationship Target Form The Relationship_Target_Form element defines the form of the target of this relationship, such as Category, Weakness, View or Compound_Element. Relationship Target IDSchema path: Relationship > Relationship Target ID The Relationship_Target_ID specifies the unique ID of the target element of the relationship. Relationship View IDSchema path: Relationship > Relationship Views > Relationship View ID Specifies the unique ID of the individual view element to which this relationship pertains. This ID must correspond to a View. Relationship ViewsSchema path: Relationship > Relationship Views This element contains a list of the individual Views to which this relationship pertains. RelationshipsSchema path: Relationships The Relationships structure contains one or more Relationship elements, each of which identifies an association between this structure, whether it is a Weakness, Category, or Compound_Element and another structure. Relevant PropertiesSchema path: Common Attributes > Relevant Properties This structure contains one or more Relevant_Property elements. Each Relevant_Property element identifies a property that is required by the code or a resource in order to function as specified. Correctly labeling all of the relevant properties can help to figure out what the root cause of a vulnerability might be. Relevant PropertySchema path: Common Attributes > Relevant Properties > Relevant Property Each Relevant_Property element identifies a property that is required by the code or a resource in order to function as specified. Correctly labeling all of the relevant properties can help to figure out what the root cause of a vulnerability might be. Research GapSchema path: Research Gaps > Research Gap This element identifies potential opportunities for the vulnerability research community to conduct further exploration of issues related to this weakness. It is intended to highlight parts of CWE that have not received sufficient attention from researchers. This should be filled out where appropriate for weaknesses and categories. Research GapsSchema path: Research Gaps This structure contains one or more Research gap elements, each of which identifies potential opportunities for the vulnerability research community to conduct further exploration of issues related to this weakness. It is intended to highlight parts of CWE that have not received sufficient attention from researchers. This should be filled out where appropriate for weaknesses and categories. StakeholderSchema path: View Attributes > View Audience > Audience > Stakeholder The Stakeholder element specifies what types of members of the CWE community might be interested in this view. Stakeholder DescriptionSchema path: View Attributes > View Audience > Audience > Stakeholder Description The Stakeholder_Description element provides some text describing what properties of this View this particular Stakeholder might find useful. Status (Category)Schema path: Category > Status The Status attribute defines the status level for this category. Status (Compound Element)Schema path: Compound Element > Status The Status attribute defines the status level for this compound element. Status (View)Schema path: View > Status The Status attribute defines the status level for this view. Status (Weakness)Schema path: Weakness > Status The Status attribute defines the status level for this weakness. SubmissionSchema path: Content History > Submission This element houses the subelements which identify the submitter and the submitter's comments related to this entry. This element has a single attribute, Submission_Source, which provides a general idea of how the initial information for this entry was obtained, whether internal to MITRE, external, donated, etc. Submission CommentSchema path: Content History > Submission > Submission Comment This element provides the author with a place to store any comments regarding the content of this weakness entry, such as assumptions made, reasons for omitting elements, contact information, pending questions, etc. Submission DateSchema path: Content History > Submission > Submission Date This element should provide the date on which this content was authored in YYYY-MM-DD format. Submission SourceSchema path: Content History > Submission > Submission Source This attribute identifies how the initial information for this entry was obtained. SubmitterSchema path: Content History > Submission > Submitter This element should contain the name of the author for this entry. Submitter OrganizationSchema path: Content History > Submission > Submitter Organization This element should identify the author's organization. Taxonomy MappingSchema path: Common Attributes > Taxonomy Mappings > Taxonomy Mapping This structure describes mappings to nodes of other taxonomies that are similar in meaning to this node. Although this may sound similar to Source_Taxonomy, Source_Taxonomy is designed to provide a history and pedigree for the entry, whereas Taxonomy_Mapping allows similar nodes in other collections to be identified as matching concepts with this weakness. For example, Taxonomy_Mapping should be used to map the CWE entries to their OWASP Top 10 equivalents. The sole attribute is "Mapped_Taxonomy_Name" which is used to identify the taxonomy to which this weakness is being mapped. Taxonomy MappingsSchema path: Common Attributes > Taxonomy Mappings The Taxonomy_Mappings element contains one or more Taxonomy_Mapping structures which provide a mapping from this entry to an entry in a different taxonomy. Technology ClassSchema path: Common Attributes > Applicable Platforms > Technology Classes > Technology Class This element identifies a single Technology_Class in which this entry may exist and with what frequency in the specified class. Technology ClassesSchema path: Common Attributes > Applicable Platforms > Technology Classes This element contains one or more individual Technology_Class subelements which each represent a technology class in which this weakness is likely to exist. Technology NameSchema path: Common Attributes > Applicable Platforms > Technology Classes > Technology Class > Technology Name This subelement identifies a technology class in which this weakness is likely to exist. TermSchema path: Alternate Terms > Alternate Term > Term This element contains the actual term for the Alternate_Term element. Each term should follow the same conventions as the entry Name attribute. Terminology NoteSchema path: Common Attributes > Terminology Notes > Terminology Note This element is used for general discussion of terminology issues associated with this weakness. It is different from the Alternate_Terms element, which is focused on discussion of specific terms that are commonly used. It should be filled out in any entry for which there is no established terminology, or if there are multiple uses of the same key term. Terminology NotesSchema path: Common Attributes > Terminology Notes This element contains one or more Terminology_Note elements that each contain a discussion of terminology issues related to this weakness. It is different from the Alternate_Terms element, which is focused on discussion of specific terms that are commonly used. It should be filled out in any entry for which there is no established terminology, or if there are multiple uses of the same key term. TextSchema path: Text Presentation Element: This element is used to define a paragraph of text. Text TitleSchema path: Text Title Presentation Element: This element is used to define bold-faced title for a subsequent block of text. Theoretical NoteSchema path: Common Attributes > Theoretical Notes > Theoretical Note This element is used to describe the weakness using vulnerability theory concepts, which can be useful in understanding the Research view. It should be filled out as needed, especially in cases where the application of vulnerability theory is not necessarily obvious for the weakness. Theoretical NotesSchema path: Common Attributes > Theoretical Notes This element contains one or more Theoretical_Note elements that each describe the weakness using vulnerability theory concepts. It should be filled out as needed, especially in cases where the application of vulnerability theory is not necessarily obvious for the weakness. Time of IntroductionSchema path: Common Attributes > Time of Introduction The Time_of_Introduction element contains the points of time in the software life cycle at which the weakness may be introduced. If there are multiple points of time at which the weakness may be introduced, then separate Introduction elements should be included for each. This element should be populated for all weakness bases and variants. ViewSchema path: View Each View element represents a perspective with which one might look at the weaknesses in CWE. CWE-699 Development Concepts, CWE-1000 Research Concepts and are two examples of Views. View AttributesSchema path: View Attributes The View_Attributes structure is a collection of common elements which might be shared by all Views. View AudienceSchema path: View Attributes > View Audience The View_Audience element provides a reference to the targeted audiences or groups for this view. View FilterSchema path: View Attributes > View Filter The View_Filter element holds an XSL query for identifying which elements are members of an implicit slice. This should only be present for implicit slices. View ObjectiveSchema path: View Attributes > View Objective The View_Objective element describes the perspective from which this View is constructed. View StructureSchema path: View Attributes > View Structure The View_Structure element describes how this view is being constructed. Valid values are: Implicit Slice = a slice based on a filter criteria; Explicit Slice = a slice based on arbitrary membership, as defined by specific relationships between entries; Graph = a bounded graphical slice based on ChildOf relationships. ViewsSchema path: Weakness Catalog > Views The Views structure contains zero or more View elements. Each View element represents a perspective with which one might look at the weaknesses in CWE. CWE-699 Development View and CWE-1000 Research View are two examples of Views. WeaknessSchema path: Weakness Each Weakness element represents an actual weakness entry in CWE, such as CWE-311 Failure to Encrypt Sensitive Data or CWE-326 Weak Encryption. Weakness AbstractionSchema path: Weakness > Weakness Abstraction The Weakness_Abstraction attribute defines the abstraction level for this weakness. Acceptable values are "Class", which is the most abstract type of Weakness such as CWE-362 Race Conditions, "Base" which is a more specific type of weakness that is still mostly independent of a specific resource or technology such as CWE-567 Unsynchronized Access to Shared Data, and "Variant" which is a weakness specific to a particular resource, technology or context. Weakness CatalogSchema path: Weakness Catalog The Weakness_Catalog structure represents a collection of software security issues (flaws, faults, bugs, vulnerabilities, weaknesses, etc). The name used by CWE is usually "CWE". However, if this collection is a subset of CWE, then a more appropriate name should be used. It has two required attributes: Catalog_Name and Catalog_Version. Weakness OrdinalitiesSchema path: Common Attributes > Weakness Ordinalities This element contains one or more Weakness_Ordinality elements, each of which describes when this entry is primary - where the weakness exists independent of other weaknesses, or when this entry might be resultant - where the weakness is typically related to the presence of some other weaknesses. This should be filled out for all Weakness Base and Variant entries. Weakness OrdinalitySchema path: Common Attributes > Weakness Ordinalities > Weakness Ordinality This element describes when this entry is primary - where the weakness exists independent of other weaknesses, or when this entry might be resultant - where the weakness is typically related to the presence of some other weaknesses. The Ordinality subelement identifies whether or not we are providing context around when this entry is primary, or resultant. The Ordinality_Description contains the description of the context in which this entry is primary or resultant. It is important to note that it is possible for the same entry to be primary in some instances and resultant in others. WeaknessesSchema path: Weakness Catalog > Weaknesses The Weaknesses structure contains zero or more Weakness elements. Each Weakness element represents an actual weakness entry in CWE, such as CWE-311 Failure to Encrypt Sensitive Data or CWE-326 Weak Encryption. White Box DefinitionSchema path: Common Attributes > White Box Definitions > White Box Definition This element describes the weakness from a white box perspective, meaning that the view includes the knowledge of control flow, data flow, and all other inner workings of the software in which the weakness exists. White Box DefinitionsSchema path: Common Attributes > White Box Definitions This structure contains one or more White_Box_Definition elements, each of which describes the weakness from a white box perspective, meaning that the view includes the knowledge of control flow, data flow, and all other inner workings of the software in which the weakness exists. |