Common Weakness Enumeration (CWE)
Common Weakness Enumeration (CWE) is an encyclopedia of over 600 types of software weaknesses . Some of the classes are buffer overflow, directory traversal, OS injection, race condition,
cross-site scripting, hard-coded password and insecure random numbers. CWE is a widely-used compilation, which
has gone through many iterations. Many tools and projects are based on it. Each CWE has a variety of
information, such as description summary, extended description, white box definition, consequences, examples,
background details and other notes, recorded occurrences (Common Vulnerabilities and Exposures or CVE),
mitigations, relations to other CWEs, and references.
Software Fault Patterns (SFP)
Software Fault Patterns (SFP) are a clustering of CWEs into related weakness categories.
Each cluster is factored into formally defined attributes, with sites footholds, conditions, properties,
sources, sinks, etc. This work overcomes the problem of combinations of attributes in CWE. For instance, the SFP
factored attributes are more clear than the irregular coverage of CWEs.
Semantic Templates (ST)
Semantic templates (ST) build mental models, which help us understand software weaknesses. Each ST is a human
and machine understandable representation of:
- The software faults that lead to a weakness.
- The resources that a weakness affects.
- The weakness attributes.
- The consequences/failures resulting from the weakness."
The NSA Center for Assured Software (CAS)
The NSA Center for Assured Software (CAS) defines the following Weakness Classes in its "Static Analysis Tool
Study - Methodology"
Software State-of-the-Art Resources (SOAR)
The Software State-of-the-Art Resources (SOAR) Matrix defines and describes a process for selecting and using
appropriate analysis tools and techniques for evaluating software for software (security) assurance. In
particular, it identifies types of tools and techniques available for evaluating software, as well as the
following technical objectives those tools and techniques can meet :
SEI CERT C Coding Standard
The SEI CERT C Coding Standard defines the following "rules for secure coding in the C programming language"
with the goal to "to develop safe, reliable, and secure systems, for example by eliminating undefined behaviors
that can lead to undefined program behaviors and exploitable vulnerabilities"
Common Vulnerabilities and Exposures (CVE)
The Common Vulnerabilities and Exposures (CVE) is "a dictionary of publicly known information security
vulnerabilities and exposures" . "CVE’s common identifiers enable data exchange between security products and
provide a baseline index point for evaluating coverage of tools and services.".
Open Web Application Security Project (OWASP)
The Open Web Application Security Project (OWASP) defines 20 categories of vulnerabilities.
Common Attack Pattern Enumeration and
The Common Attack Pattern Enumeration and Classification (CAPEC) "is a comprehensive dictionary and
classification taxonomy of known attacks that can be used by analysts, developers, testers, and educators to
advance community understanding and enhance defenses"
ISO/IEC JTC1/SC22/WG23 Technical Report
ISO/IEC/JTC 1/SC 22/WG 23 is working on a Technical Report (RT), which includes a "taxonomic hierarchy of
vulnerabilities", giving each vulnerability an arbitrary three-letter code . The general part, TR 24772-1, is an
and applies to all languages. There are many supplements, one for each language -- for example, TR24772-2 Ada,
TR24772-3 C, and TR24772-9 C++.
Classification of Defects in Health Software", Association for the Advancement of Medical Instrumentation
(AAMI) Committee Draft Version