From bfe0db77b4e16e3099a1e58b8db8f18120a11117 Mon Sep 17 00:00:00 2001
From: MaineK00n
Date: Fri, 20 Jan 2023 18:02:07 +0900
Subject: [PATCH] feat(cwe): add cwe-id for category and view (#1578)
---
 cwe/en.go | 2628 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 2628 insertions(+)
diff --git a/cwe/en.go b/cwe/en.go
index 5c48ef5c..ed63a875 100644
--- a/cwe/en.go
+++ b/cwe/en.go
@@ -6710,4 +6710,2632 @@ var CweDictEn = map[string]Cwe{ ExtendedDescription: "", Lang: "en", }, + "1": { + CweID: "1", + Name: "DEPRECATED: Location", + Description: "This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.", + Lang: "en", + }, + "10": { + CweID: "10", + Name: "DEPRECATED: ASP.NET Environment Issues", + Description: "This category has been deprecated. It added unnecessary depth and complexity to its associated views.", + Lang: "en", + }, + "100": { + CweID: "100", + Name: "DEPRECATED: Technology-Specific Input Validation Problems", + Description: "This category has been deprecated. It was originally intended as a \"catch-all\" for input validation problems in technologies that did not have their own CWE, but introduces unnecessary depth to the hierarchy.", + Lang: "en", + }, + "1001": { + CweID: "1001", + Name: "SFP Secondary Cluster: Use of an Improper API", + Description: "This category identifies Software Fault Patterns (SFPs) within the Use of an Improper API cluster (SFP3).", + Lang: "en", + }, + "1002": { + CweID: "1002", + Name: "SFP Secondary Cluster: Unexpected Entry Points", + Description: "This category identifies Software Fault Patterns (SFPs) within the Unexpected Entry Points cluster.", + Lang: "en", + }, + "1005": { + CweID: "1005", + Name: "7PK - Input Validation and Representation", + Description: "This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that exist when an application does not properly validate or represent input. According to the authors of the Seven Pernicious Kingdoms, \"Input validation and representation problems are caused by metacharacters, alternate encodings and numeric representations. 
Security problems result from trusting input.\"", + Lang: "en", + }, + "1006": { + CweID: "1006", + Name: "Bad Coding Practices", + Description: "Weaknesses in this category are related to coding practices that are deemed unsafe and increase the chances that an exploitable vulnerability will be present in the application. These weaknesses do not directly introduce a vulnerability, but indicate that the product has not been carefully developed or maintained. If a program is complex, difficult to maintain, not portable, or shows evidence of neglect, then there is a higher likelihood that weaknesses are buried in the code.", + Lang: "en", + }, + "1009": { + CweID: "1009", + Name: "Audit", + Description: "Weaknesses in this category are related to the design and architecture of audit-based components of the system. Frequently these deal with logging user activities in order to identify attackers and modifications to the system. The weaknesses in this category could lead to a degradation of the quality of the audit capability if they are not addressed when designing or implementing a secure architecture.", + Lang: "en", + }, + "101": { + CweID: "101", + Name: "DEPRECATED: Struts Validation Problems", + Description: "This category has been deprecated. It was originally used for organizing the Development View (CWE-69 9), but it introduced unnecessary complexity and depth to the resulting tree.", + Lang: "en", + }, + "1010": { + CweID: "1010", + Name: "Authenticate Actors", + Description: "Weaknesses in this category are related to the design and architecture of authentication components of the system. Frequently these deal with verifying the entity is indeed who it claims to be. 
The weaknesses in this category could lead to a degradation of the quality of authentication if they are not addressed when designing or implementing a secure architecture.", + Lang: "en", + }, + "1011": { + CweID: "1011", + Name: "Authorize Actors", + Description: "Weaknesses in this category are related to the design and architecture of a system's authorization components. Frequently these deal with enforcing that agents have the required permissions before performing certain operations, such as modifying data. The weaknesses in this category could lead to a degradation of quality of the authorization capability if they are not addressed when designing or implementing a secure architecture.", + Lang: "en", + }, + "1012": { + CweID: "1012", + Name: "Cross Cutting", + Description: "Weaknesses in this category are related to the design and architecture of multiple security tactics and how they affect a system. For example, information exposure can impact the Limit Access and Limit Exposure security tactics. The weaknesses in this category could lead to a degradation of the quality of many capabilities if they are not addressed when designing or implementing a secure architecture.", + Lang: "en", + }, + "1013": { + CweID: "1013", + Name: "Encrypt Data", + Description: "Weaknesses in this category are related to the design and architecture of data confidentiality in a system. Frequently these deal with the use of encryption libraries. The weaknesses in this category could lead to a degradation of the quality data encryption if they are not addressed when designing or implementing a secure architecture.", + Lang: "en", + }, + "1014": { + CweID: "1014", + Name: "Identify Actors", + Description: "Weaknesses in this category are related to the design and architecture of a system's identification management components. Frequently these deal with verifying that external agents provide inputs into the system. 
The weaknesses in this category could lead to a degradation of the quality of identification management if they are not addressed when designing or implementing a secure architecture.", + Lang: "en", + }, + "1015": { + CweID: "1015", + Name: "Limit Access", + Description: "Weaknesses in this category are related to the design and architecture of system resources. Frequently these deal with restricting the amount of resources that are accessed by actors, such as memory, network connections, CPU or access points. The weaknesses in this category could lead to a degradation of the quality of authentication if they are not addressed when designing or implementing a secure architecture.", + Lang: "en", + }, + "1016": { + CweID: "1016", + Name: "Limit Exposure", + Description: "Weaknesses in this category are related to the design and architecture of the entry points to a system. Frequently these deal with minimizing the attack surface through designing the system with the least needed amount of entry points. The weaknesses in this category could lead to a degradation of a system's defenses if they are not addressed when designing or implementing a secure architecture.", + Lang: "en", + }, + "1017": { + CweID: "1017", + Name: "Lock Computer", + Description: "Weaknesses in this category are related to the design and architecture of a system's lockout mechanism. Frequently these deal with scenarios that take effect in case of multiple failed attempts to access a given resource. The weaknesses in this category could lead to a degradation of access to system assets if they are not addressed when designing or implementing a secure architecture.", + Lang: "en", + }, + "1018": { + CweID: "1018", + Name: "Manage User Sessions", + Description: "Weaknesses in this category are related to the design and architecture of session management. Frequently these deal with the information or status about each user and their access rights for the duration of multiple requests. 
The weaknesses in this category could lead to a degradation of the quality of session management if they are not addressed when designing or implementing a secure architecture.", + Lang: "en", + }, + "1019": { + CweID: "1019", + Name: "Validate Inputs", + Description: "Weaknesses in this category are related to the design and architecture of a system's input validation components. Frequently these deal with sanitizing, neutralizing and validating any externally provided inputs to minimize malformed data from entering the system and preventing code injection in the input data. The weaknesses in this category could lead to a degradation of the quality of data flow in a system if they are not addressed when designing or implementing a secure architecture.", + Lang: "en", + }, + "1020": { + CweID: "1020", + Name: "Verify Message Integrity", + Description: "Weaknesses in this category are related to the design and architecture of a system's data integrity components. Frequently these deal with ensuring integrity of data, such as messages, resource files, deployment files, and configuration files. 
The weaknesses in this category could lead to a degradation of data integrity quality if they are not addressed when designing or implementing a secure architecture.", + Lang: "en", + }, + "1027": { + CweID: "1027", + Name: "OWASP Top Ten 2017 Category A1 - Injection", + Description: "Weaknesses in this category are related to the A1 category in the OWASP Top Ten 2017.", + Lang: "en", + }, + "1028": { + CweID: "1028", + Name: "OWASP Top Ten 2017 Category A2 - Broken Authentication", + Description: "Weaknesses in this category are related to the A2 category in the OWASP Top Ten 2017.", + Lang: "en", + }, + "1029": { + CweID: "1029", + Name: "OWASP Top Ten 2017 Category A3 - Sensitive Data Exposure", + Description: "Weaknesses in this category are related to the A3 category in the OWASP Top Ten 2017.", + Lang: "en", + }, + "1030": { + CweID: "1030", + Name: "OWASP Top Ten 2017 Category A4 - XML External Entities (XXE)", + Description: "Weaknesses in this category are related to the A4 category in the OWASP Top Ten 2017.", + Lang: "en", + }, + "1031": { + CweID: "1031", + Name: "OWASP Top Ten 2017 Category A5 - Broken Access Control", + Description: "Weaknesses in this category are related to the A5 category in the OWASP Top Ten 2017.", + Lang: "en", + }, + "1032": { + CweID: "1032", + Name: "OWASP Top Ten 2017 Category A6 - Security Misconfiguration", + Description: "Weaknesses in this category are related to the A6 category in the OWASP Top Ten 2017.", + Lang: "en", + }, + "1033": { + CweID: "1033", + Name: "OWASP Top Ten 2017 Category A7 - Cross-Site Scripting (XSS)", + Description: "Weaknesses in this category are related to the A7 category in the OWASP Top Ten 2017.", + Lang: "en", + }, + "1034": { + CweID: "1034", + Name: "OWASP Top Ten 2017 Category A8 - Insecure Deserialization", + Description: "Weaknesses in this category are related to the A8 category in the OWASP Top Ten 2017.", + Lang: "en", + }, + "1035": { + CweID: "1035", + Name: "OWASP Top Ten 2017 
Category A9 - Using Components with Known Vulnerabilities", + Description: "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.", + Lang: "en", + }, + "1036": { + CweID: "1036", + Name: "OWASP Top Ten 2017 Category A10 - Insufficient Logging & Monitoring", + Description: "Weaknesses in this category are related to the A10 category in the OWASP Top Ten 2017.", + Lang: "en", + }, + "1129": { + CweID: "1129", + Name: "CISQ Quality Measures (2016) - Reliability", + Description: "Weaknesses in this category are related to the CISQ Quality Measures for Reliability, as documented in 2016 with the Automated Source Code CISQ Reliability Measure (ASCRM) Specification 1.0. Presence of these weaknesses could reduce the reliability of the software.", + Lang: "en", + }, + "1130": { + CweID: "1130", + Name: "CISQ Quality Measures (2016) - Maintainability", + Description: "Weaknesses in this category are related to the CISQ Quality Measures for Maintainability, as documented in 2016 with the Automated Source Code Maintainability Measure (ASCMM) Specification 1.0. Presence of these weaknesses could reduce the maintainability of the software.", + Lang: "en", + }, + "1131": { + CweID: "1131", + Name: "CISQ Quality Measures (2016) - Security", + Description: "Weaknesses in this category are related to the CISQ Quality Measures for Security, as documented in 2016 with the Automated Source Code Security Measure (ASCSM) Specification 1.0. Presence of these weaknesses could reduce the security of the software.", + Lang: "en", + }, + "1132": { + CweID: "1132", + Name: "CISQ Quality Measures (2016) - Performance Efficiency", + Description: "Weaknesses in this category are related to the CISQ Quality Measures for Performance Efficiency, as documented in 2016 with the Automated Source Code Performance Efficiency Measure (ASCPEM) Specification 1.0. 
Presence of these weaknesses could reduce the performance efficiency of the software.", + Lang: "en", + }, + "1134": { + CweID: "1134", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 00. Input Validation and Data Sanitization (IDS)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Input Validation and Data Sanitization (IDS) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1135": { + CweID: "1135", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 01. Declarations and Initialization (DCL)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Declarations and Initialization (DCL) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1136": { + CweID: "1136", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 02. Expressions (EXP)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Expressions (EXP) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1137": { + CweID: "1137", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 03. Numeric Types and Operations (NUM)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Numeric Types and Operations (NUM) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1138": { + CweID: "1138", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 04. Characters and Strings (STR)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Characters and Strings (STR) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1139": { + CweID: "1139", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 05. 
Object Orientation (OBJ)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Object Orientation (OBJ) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1140": { + CweID: "1140", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 06. Methods (MET)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Methods (MET) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1141": { + CweID: "1141", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 07. Exceptional Behavior (ERR)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Exceptional Behavior (ERR) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1142": { + CweID: "1142", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 08. Visibility and Atomicity (VNA)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Visibility and Atomicity (VNA) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1143": { + CweID: "1143", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 09. Locking (LCK)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Locking (LCK) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1144": { + CweID: "1144", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 10. Thread APIs (THI)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Thread APIs (THI) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1145": { + CweID: "1145", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 11. 
Thread Pools (TPS)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Thread Pools (TPS) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1146": { + CweID: "1146", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 12. Thread-Safety Miscellaneous (TSM)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Thread-Safety Miscellaneous (TSM) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1147": { + CweID: "1147", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Input Output (FIO) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1148": { + CweID: "1148", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 14. Serialization (SER)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Serialization (SER) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1149": { + CweID: "1149", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 15. Platform Security (SEC)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Platform Security (SEC) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1150": { + CweID: "1150", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 16. Runtime Environment (ENV)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Runtime Environment (ENV) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1151": { + CweID: "1151", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 17. 
Java Native Interface (JNI)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Java Native Interface (JNI) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1152": { + CweID: "1152", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 49. Miscellaneous (MSC)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Miscellaneous (MSC) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1153": { + CweID: "1153", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 50. Android (DRD)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Android (DRD) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1155": { + CweID: "1155", + Name: "SEI CERT C Coding Standard - Guidelines 01. Preprocessor (PRE)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Preprocessor (PRE) section of the SEI CERT C Coding Standard.", + Lang: "en", + }, + "1156": { + CweID: "1156", + Name: "SEI CERT C Coding Standard - Guidelines 02. Declarations and Initialization (DCL)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Declarations and Initialization (DCL) section of the SEI CERT C Coding Standard.", + Lang: "en", + }, + "1157": { + CweID: "1157", + Name: "SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Expressions (EXP) section of the SEI CERT C Coding Standard.", + Lang: "en", + }, + "1158": { + CweID: "1158", + Name: "SEI CERT C Coding Standard - Guidelines 04. 
Integers (INT)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Integers (INT) section of the SEI CERT C Coding Standard.", + Lang: "en", + }, + "1159": { + CweID: "1159", + Name: "SEI CERT C Coding Standard - Guidelines 05. Floating Point (FLP)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Floating Point (FLP) section of the SEI CERT C Coding Standard.", + Lang: "en", + }, + "1160": { + CweID: "1160", + Name: "SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Arrays (ARR) section of the SEI CERT C Coding Standard.", + Lang: "en", + }, + "1161": { + CweID: "1161", + Name: "SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Characters and Strings (STR) section of the SEI CERT C Coding Standard.", + Lang: "en", + }, + "1162": { + CweID: "1162", + Name: "SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Memory Management (MEM) section of the SEI CERT C Coding Standard.", + Lang: "en", + }, + "1163": { + CweID: "1163", + Name: "SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Input Output (FIO) section of the SEI CERT C Coding Standard.", + Lang: "en", + }, + "1165": { + CweID: "1165", + Name: "SEI CERT C Coding Standard - Guidelines 10. Environment (ENV)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Environment (ENV) section of the SEI CERT C Coding Standard.", + Lang: "en", + }, + "1166": { + CweID: "1166", + Name: "SEI CERT C Coding Standard - Guidelines 11. 
Signals (SIG)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Signals (SIG) section of the SEI CERT C Coding Standard.", + Lang: "en", + }, + "1167": { + CweID: "1167", + Name: "SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Error Handling (ERR) section of the SEI CERT C Coding Standard.", + Lang: "en", + }, + "1168": { + CweID: "1168", + Name: "SEI CERT C Coding Standard - Guidelines 13. Application Programming Interfaces (API)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Application Programming Interfaces (API) section of the SEI CERT C Coding Standard.", + Lang: "en", + }, + "1169": { + CweID: "1169", + Name: "SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Concurrency (CON) section of the SEI CERT C Coding Standard.", + Lang: "en", + }, + "1170": { + CweID: "1170", + Name: "SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Miscellaneous (MSC) section of the SEI CERT C Coding Standard.", + Lang: "en", + }, + "1171": { + CweID: "1171", + Name: "SEI CERT C Coding Standard - Guidelines 50. POSIX (POS)", + Description: "Weaknesses in this category are related to the rules and recommendations in the POSIX (POS) section of the SEI CERT C Coding Standard.", + Lang: "en", + }, + "1172": { + CweID: "1172", + Name: "SEI CERT C Coding Standard - Guidelines 51. 
Microsoft Windows (WIN) ", + Description: "Weaknesses in this category are related to the rules and recommendations in the Microsoft Windows (WIN) section of the SEI CERT C Coding Standard.", + Lang: "en", + }, + "1175": { + CweID: "1175", + Name: "SEI CERT Oracle Secure Coding Standard for Java - Guidelines 18. Concurrency (CON)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Concurrency (CON) section of the SEI CERT Oracle Secure Coding Standard for Java.", + Lang: "en", + }, + "1179": { + CweID: "1179", + Name: "SEI CERT Perl Coding Standard - Guidelines 01. Input Validation and Data Sanitization (IDS)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Input Validation and Data Sanitization (IDS) section of the SEI CERT Perl Coding Standard.", + Lang: "en", + }, + "1180": { + CweID: "1180", + Name: "SEI CERT Perl Coding Standard - Guidelines 02. Declarations and Initialization (DCL)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Declarations and Initialization (DCL) section of the SEI CERT Perl Coding Standard.", + Lang: "en", + }, + "1181": { + CweID: "1181", + Name: "SEI CERT Perl Coding Standard - Guidelines 03. Expressions (EXP)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Expressions (EXP) section of the SEI CERT Perl Coding Standard.", + Lang: "en", + }, + "1182": { + CweID: "1182", + Name: "SEI CERT Perl Coding Standard - Guidelines 04. Integers (INT)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Integers (INT) section of the SEI CERT Perl Coding Standard.", + Lang: "en", + }, + "1183": { + CweID: "1183", + Name: "SEI CERT Perl Coding Standard - Guidelines 05. 
Strings (STR)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Strings (STR) section of the SEI CERT Perl Coding Standard.", + Lang: "en", + }, + "1184": { + CweID: "1184", + Name: "SEI CERT Perl Coding Standard - Guidelines 06. Object-Oriented Programming (OOP)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Object-Oriented Programming (OOP) section of the SEI CERT Perl Coding Standard.", + Lang: "en", + }, + "1185": { + CweID: "1185", + Name: "SEI CERT Perl Coding Standard - Guidelines 07. File Input and Output (FIO)", + Description: "Weaknesses in this category are related to the rules and recommendations in the File Input and Output (FIO) section of the SEI CERT Perl Coding Standard.", + Lang: "en", + }, + "1186": { + CweID: "1186", + Name: "SEI CERT Perl Coding Standard - Guidelines 50. Miscellaneous (MSC)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Miscellaneous (MSC) section of the SEI CERT Perl Coding Standard.", + Lang: "en", + }, + "1195": { + CweID: "1195", + Name: "Manufacturing and Life Cycle Management Concerns", + Description: "Weaknesses in this category are root-caused to defects that arise in the semiconductor-manufacturing process or during the life cycle and supply chain.", + Lang: "en", + }, + "1196": { + CweID: "1196", + Name: "Security Flow Issues", + Description: "Weaknesses in this category are related to improper design of full-system security flows, including but not limited to secure boot, secure update, and hardware-device attestation.", + Lang: "en", + }, + "1197": { + CweID: "1197", + Name: "Integration Issues", + Description: "Weaknesses in this category are those that arise due to integration of multiple hardware Intellectual Property (IP) cores, from System-on-a-Chip (SoC) subsystem interactions, or from hardware platform subsystem interactions.", + Lang: "en", + }, + "1198": { + 
CweID: "1198", + Name: "Privilege Separation and Access Control Issues", + Description: "Weaknesses in this category are related to features and mechanisms providing hardware-based isolation and access control (e.g., identity, policy, locking control) of sensitive shared hardware resources such as registers and fuses.", + Lang: "en", + }, + "1199": { + CweID: "1199", + Name: "General Circuit and Logic Design Concerns", + Description: "Weaknesses in this category are related to hardware-circuit design and logic (e.g., CMOS transistors, finite state machines, and registers) as well as issues related to hardware description languages such as System Verilog and VHDL.", + Lang: "en", + }, + "1201": { + CweID: "1201", + Name: "Core and Compute Issues", + Description: "Weaknesses in this category are typically associated with CPUs, Graphics, Vision, AI, FPGA, and microcontrollers.", + Lang: "en", + }, + "1202": { + CweID: "1202", + Name: "Memory and Storage Issues", + Description: "Weaknesses in this category are typically associated with memory (e.g., DRAM, SRAM) and storage technologies (e.g., NAND Flash, OTP, EEPROM, and eMMC).", + Lang: "en", + }, + "1203": { + CweID: "1203", + Name: "Peripherals, On-chip Fabric, and Interface/IO Problems", + Description: "Weaknesses in this category are related to hardware security problems that apply to peripheral devices, IO interfaces, on-chip interconnects, network-on-chip (NoC), and buses. 
For example, this category includes issues related to design of hardware interconnect and/or protocols such as PCIe, USB, SMBUS, general-purpose IO pins, and user-input peripherals such as mouse and keyboard.", + Lang: "en", + }, + "1205": { + CweID: "1205", + Name: "Security Primitives and Cryptography Issues", + Description: "Weaknesses in this category are related to hardware implementations of cryptographic protocols and other hardware-security primitives such as physical unclonable functions (PUFs) and random number generators (RNGs).", + Lang: "en", + }, + "1206": { + CweID: "1206", + Name: "Power, Clock, Thermal, and Reset Concerns", + Description: "Weaknesses in this category are related to system power, voltage, current, temperature, clocks, system state saving/restoring, and resets at the platform and SoC level.", + Lang: "en", + }, + "1207": { + CweID: "1207", + Name: "Debug and Test Problems", + Description: "Weaknesses in this category are related to hardware debug and test interfaces such as JTAG and scan chain.", + Lang: "en", + }, + "1208": { + CweID: "1208", + Name: "Cross-Cutting Problems", + Description: "Weaknesses in this category can arise in multiple areas of hardware design or can apply to a wide cross-section of components.", + Lang: "en", + }, + "1210": { + CweID: "1210", + Name: "Audit / Logging Errors", + Description: "Weaknesses in this category are related to audit-based components of a software system. Frequently these deal with logging user activities in order to identify undesired access and modifications to the system. The weaknesses in this category could lead to a degradation of the quality of the audit capability if they are not addressed.", + Lang: "en", + }, + "1211": { + CweID: "1211", + Name: "Authentication Errors", + Description: "Weaknesses in this category are related to authentication components of a system. Frequently these deal with the ability to verify that an entity is indeed who it claims to be. 
If not addressed when designing or implementing a software system, these weaknesses could lead to a degradation of the quality of the authentication capability.", + Lang: "en", + }, + "1212": { + CweID: "1212", + Name: "Authorization Errors", + Description: "Weaknesses in this category are related to authorization components of a system. Frequently these deal with the ability to enforce that agents have the required permissions before performing certain operations, such as modifying data. If not addressed when designing or implementing a software system, these weaknesses could lead to a degradation of the quality of the authorization capability.", + Lang: "en", + }, + "1213": { + CweID: "1213", + Name: "Random Number Issues", + Description: "Weaknesses in this category are related to a software system's random number generation.", + Lang: "en", + }, + "1214": { + CweID: "1214", + Name: "Data Integrity Issues", + Description: "Weaknesses in this category are related to a software system's data integrity components. Frequently these deal with the ability to ensure the integrity of data, such as messages, resource files, deployment files, and configuration files. The weaknesses in this category could lead to a degradation of data integrity quality if they are not addressed.", + Lang: "en", + }, + "1215": { + CweID: "1215", + Name: "Data Validation Issues", + Description: "Weaknesses in this category are related to a software system's components for input validation, output validation, or other kinds of validation. Validation is a frequently-used technique for ensuring that data conforms to expectations before it is further processed as input or output. There are many varieties of validation (see CWE-20, which is just for input validation). Validation is distinct from other techniques that attempt to modify data before processing it, although developers may consider all attempts to product \"safe\" inputs or outputs as some kind of validation. 
Regardless, validation is a powerful tool that is often used to minimize malformed data from entering the system, or indirectly avoid code injection or other potentially-malicious patterns when generating output. The weaknesses in this category could lead to a degradation of the quality of data flow in a system if they are not addressed.", + Lang: "en", + }, + "1216": { + CweID: "1216", + Name: "Lockout Mechanism Errors", + Description: "Weaknesses in this category are related to a software system's lockout mechanism. Frequently these deal with scenarios that take effect in case of multiple failed attempts to access a given resource. The weaknesses in this category could lead to a degradation of access to system assets if they are not addressed.", + Lang: "en", + }, + "1217": { + CweID: "1217", + Name: "User Session Errors", + Description: "Weaknesses in this category are related to session management. Frequently these deal with the information or status about each user and their access rights for the duration of multiple requests. The weaknesses in this category could lead to a degradation of the quality of session management if they are not addressed.", + Lang: "en", + }, + "1218": { + CweID: "1218", + Name: "Memory Buffer Errors", + Description: "Weaknesses in this category are related to the handling of memory buffers within a software system.", + Lang: "en", + }, + "1219": { + CweID: "1219", + Name: "File Handling Issues", + Description: "Weaknesses in this category are related to the handling of files within a software system. 
Files, directories, and folders are so central to information technology that many different weaknesses and variants have been discovered.", + Lang: "en", + }, + "1225": { + CweID: "1225", + Name: "Documentation Issues", + Description: "Weaknesses in this category are related to the documentation provided to support, create, or analyze a product.", + Lang: "en", + }, + "1226": { + CweID: "1226", + Name: "Complexity Issues", + Description: "Weaknesses in this category are associated with things being overly complex.", + Lang: "en", + }, + "1227": { + CweID: "1227", + Name: "Encapsulation Issues", + Description: "Weaknesses in this category are related to issues surrounding the bundling of data with the methods intended to operate on that data.", + Lang: "en", + }, + "1228": { + CweID: "1228", + Name: "API / Function Errors", + Description: "Weaknesses in this category are related to the use of built-in functions or external APIs.", + Lang: "en", + }, + "1237": { + CweID: "1237", + Name: "SFP Primary Cluster: Faulty Resource Release", + Description: "This category identifies Software Fault Patterns (SFPs) within the Faulty Resource Release cluster (SFP37).", + Lang: "en", + }, + "1238": { + CweID: "1238", + Name: "SFP Primary Cluster: Failure to Release Memory", + Description: "This category identifies Software Fault Patterns (SFPs) within the Failure to Release Memory cluster (SFP38).", + Lang: "en", + }, + "1306": { + CweID: "1306", + Name: "CISQ Quality Measures - Reliability", + Description: "Weaknesses in this category are related to the CISQ Quality Measures for Reliability. Presence of these weaknesses could reduce the reliability of the software.", + Lang: "en", + }, + "1307": { + CweID: "1307", + Name: "CISQ Quality Measures - Maintainability", + Description: "Weaknesses in this category are related to the CISQ Quality Measures for Maintainability. 
Presence of these weaknesses could reduce the maintainability of the software.", + Lang: "en", + }, + "1308": { + CweID: "1308", + Name: "CISQ Quality Measures - Security", + Description: "Weaknesses in this category are related to the CISQ Quality Measures for Security. Presence of these weaknesses could reduce the security of the software.", + Lang: "en", + }, + "1309": { + CweID: "1309", + Name: "CISQ Quality Measures - Efficiency", + Description: "Weaknesses in this category are related to the CISQ Quality Measures for Efficiency. Presence of these weaknesses could reduce the efficiency of the software.", + Lang: "en", + }, + "133": { + CweID: "133", + Name: "String Errors", + Description: "Weaknesses in this category are related to the creation and modification of strings.", + Lang: "en", + }, + "1345": { + CweID: "1345", + Name: "OWASP Top Ten 2021 Category A01:2021 - Broken Access Control", + Description: "Weaknesses in this category are related to the A01 category \"Broken Access Control\" in the OWASP Top Ten 2021.", + Lang: "en", + }, + "1346": { + CweID: "1346", + Name: "OWASP Top Ten 2021 Category A02:2021 - Cryptographic Failures", + Description: "Weaknesses in this category are related to the A02 category \"Cryptographic Failures\" in the OWASP Top Ten 2021.", + Lang: "en", + }, + "1347": { + CweID: "1347", + Name: "OWASP Top Ten 2021 Category A03:2021 - Injection", + Description: "Weaknesses in this category are related to the A03 category \"Injection\" in the OWASP Top Ten 2021.", + Lang: "en", + }, + "1348": { + CweID: "1348", + Name: "OWASP Top Ten 2021 Category A04:2021 - Insecure Design", + Description: "Weaknesses in this category are related to the A04 \"Insecure Design\" category in the OWASP Top Ten 2021.", + Lang: "en", + }, + "1349": { + CweID: "1349", + Name: "OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration", + Description: "Weaknesses in this category are related to the A05 category \"Security Misconfiguration\" in the 
OWASP Top Ten 2021.", + Lang: "en", + }, + "1352": { + CweID: "1352", + Name: "OWASP Top Ten 2021 Category A06:2021 - Vulnerable and Outdated Components", + Description: "Weaknesses in this category are related to the A06 category \"Vulnerable and Outdated Components\" in the OWASP Top Ten 2021.", + Lang: "en", + }, + "1353": { + CweID: "1353", + Name: "OWASP Top Ten 2021 Category A07:2021 - Identification and Authentication Failures", + Description: "Weaknesses in this category are related to the A07 category \"Identification and Authentication Failures\" in the OWASP Top Ten 2021.", + Lang: "en", + }, + "1354": { + CweID: "1354", + Name: "OWASP Top Ten 2021 Category A08:2021 - Software and Data Integrity Failures", + Description: "Weaknesses in this category are related to the A08 category \"Software and Data Integrity Failures\" in the OWASP Top Ten 2021.", + Lang: "en", + }, + "1355": { + CweID: "1355", + Name: "OWASP Top Ten 2021 Category A09:2021 - Security Logging and Monitoring Failures", + Description: "Weaknesses in this category are related to the A09 category \"Security Logging and Monitoring Failures\" in the OWASP Top Ten 2021.", + Lang: "en", + }, + "1356": { + CweID: "1356", + Name: "OWASP Top Ten 2021 Category A10:2021 - Server-Side Request Forgery (SSRF)", + Description: "Weaknesses in this category are related to the A10 category \"Server-Side Request Forgery (SSRF)\" in the OWASP Top Ten 2021.", + Lang: "en", + }, + "1359": { + CweID: "1359", + Name: "ICS Communications", + Description: "Weaknesses in this category are related to the \"ICS Communications\" super category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022.", + Lang: "en", + }, + "136": { + CweID: "136", + Name: "Type Errors", + Description: "Weaknesses in this category are caused by improper data type transformation or improper handling of multiple data types.", + Lang: "en", + }, + "1360": { + CweID: "1360", + Name: "ICS Dependencies (& 
Architecture)", + Description: "Weaknesses in this category are related to the \"ICS Dependencies (& Architecture)\" super category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022.", + Lang: "en", + }, + "1361": { + CweID: "1361", + Name: "ICS Supply Chain", + Description: "Weaknesses in this category are related to the \"ICS Supply Chain\" super category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022.", + Lang: "en", + }, + "1362": { + CweID: "1362", + Name: "ICS Engineering (Constructions/Deployment)", + Description: "Weaknesses in this category are related to the \"ICS Engineering (Constructions/Deployment)\" super category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022.", + Lang: "en", + }, + "1363": { + CweID: "1363", + Name: "ICS Operations (& Maintenance)", + Description: "Weaknesses in this category are related to the \"ICS Operations (& Maintenance)\" super category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022.", + Lang: "en", + }, + "1364": { + CweID: "1364", + Name: "ICS Communications: Zone Boundary Failures", + Description: "Weaknesses in this category are related to the \"Zone Boundary Failures\" category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022. Note: members of this category include \"Nearest IT Neighbor\" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "1365": { + CweID: "1365", + Name: "ICS Communications: Unreliability", + Description: "Weaknesses in this category are related to the \"Unreliability\" category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022. 
Note: members of this category include \"Nearest IT Neighbor\" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "1366": { + CweID: "1366", + Name: "ICS Communications: Frail Security in Protocols", + Description: "Weaknesses in this category are related to the \"Frail Security in Protocols\" category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022. Note: members of this category include \"Nearest IT Neighbor\" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "1367": { + CweID: "1367", + Name: "ICS Dependencies (& Architecture): External Physical Systems", + Description: "Weaknesses in this category are related to the \"External Physical Systems\" category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022. Note: members of this category include \"Nearest IT Neighbor\" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "1368": { + CweID: "1368", + Name: "ICS Dependencies (& Architecture): External Digital Systems", + Description: "Weaknesses in this category are related to the \"External Digital Systems\" category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022. Note: members of this category include \"Nearest IT Neighbor\" recommendations from the report, as well as suggestions by the CWE team. 
These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "1369": { + CweID: "1369", + Name: "ICS Supply Chain: IT/OT Convergence/Expansion", + Description: "Weaknesses in this category are related to the \"IT/OT Convergence/Expansion\" category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022. Note: members of this category include \"Nearest IT Neighbor\" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "137": { + CweID: "137", + Name: "Data Neutralization Issues", + Description: "Weaknesses in this category are related to the creation or neutralization of data using an incorrect format.", + Lang: "en", + }, + "1370": { + CweID: "1370", + Name: "ICS Supply Chain: Common Mode Frailties", + Description: "Weaknesses in this category are related to the \"Common Mode Frailties\" category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022. Note: members of this category include \"Nearest IT Neighbor\" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "1371": { + CweID: "1371", + Name: "ICS Supply Chain: Poorly Documented or Undocumented Features", + Description: "Weaknesses in this category are related to the \"Poorly Documented or Undocumented Features\" category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022. Note: members of this category include \"Nearest IT Neighbor\" recommendations from the report, as well as suggestions by the CWE team. 
These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "1372": { + CweID: "1372", + Name: "ICS Supply Chain: OT Counterfeit and Malicious Corruption", + Description: "Weaknesses in this category are related to the \"OT Counterfeit and Malicious Corruption\" category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022. Note: members of this category include \"Nearest IT Neighbor\" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "1373": { + CweID: "1373", + Name: "ICS Engineering (Construction/Deployment): Trust Model Problems", + Description: "Weaknesses in this category are related to the \"Trust Model Problems\" category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022. Note: members of this category include \"Nearest IT Neighbor\" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "1374": { + CweID: "1374", + Name: "ICS Engineering (Construction/Deployment): Maker Breaker Blindness", + Description: "Weaknesses in this category are related to the \"Maker Breaker Blindness\" category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022. Note: members of this category include \"Nearest IT Neighbor\" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "1375": { + CweID: "1375", + Name: "ICS Engineering (Construction/Deployment): Gaps in Details/Data", + Description: "Weaknesses in this category are related to the \"Gaps in Details/Data\" category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022. 
Note: members of this category include \"Nearest IT Neighbor\" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "1376": { + CweID: "1376", + Name: "ICS Engineering (Construction/Deployment): Security Gaps in Commissioning", + Description: "Weaknesses in this category are related to the \"Security Gaps in Commissioning\" category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022. Note: members of this category include \"Nearest IT Neighbor\" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "1377": { + CweID: "1377", + Name: "ICS Engineering (Construction/Deployment): Inherent Predictability in Design", + Description: "Weaknesses in this category are related to the \"Inherent Predictability in Design\" category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022. Note: members of this category include \"Nearest IT Neighbor\" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "1378": { + CweID: "1378", + Name: "ICS Operations (& Maintenance): Gaps in obligations and training", + Description: "Weaknesses in this category are related to the \"Gaps in obligations and training\" category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022. Note: members of this category include \"Nearest IT Neighbor\" recommendations from the report, as well as suggestions by the CWE team. 
These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "1379": { + CweID: "1379", + Name: "ICS Operations (& Maintenance): Human factors in ICS environments", + Description: "Weaknesses in this category are related to the \"Human factors in ICS environments\" category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022. Note: members of this category include \"Nearest IT Neighbor\" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "1380": { + CweID: "1380", + Name: "ICS Operations (& Maintenance): Post-analysis changes", + Description: "Weaknesses in this category are related to the \"Post-analysis changes\" category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022. Note: members of this category include \"Nearest IT Neighbor\" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "1381": { + CweID: "1381", + Name: "ICS Operations (& Maintenance): Exploitable Standard Operational Procedures", + Description: "Weaknesses in this category are related to the \"Exploitable Standard Operational Procedures\" category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022. Note: members of this category include \"Nearest IT Neighbor\" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "1382": { + CweID: "1382", + Name: "ICS Operations (& Maintenance): Emerging Energy Technologies", + Description: "Weaknesses in this category are related to the \"Emerging Energy Technologies\" category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022. 
Note: members of this category include \"Nearest IT Neighbor\" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "1383": { + CweID: "1383", + Name: "ICS Operations (& Maintenance): Compliance/Conformance with Regulatory Requirements", + Description: "Weaknesses in this category are related to the \"Compliance/Conformance with Regulatory Requirements\" category from the SEI ETF \"Categories of Security Vulnerabilities in ICS\" as published in March 2022. Note: members of this category include \"Nearest IT Neighbor\" recommendations from the report, as well as suggestions by the CWE team. These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "1388": { + CweID: "1388", + Name: "Physical Access Issues and Concerns", + Description: "Weaknesses in this category are related to concerns of physical access.", + Lang: "en", + }, + "139": { + CweID: "139", + Name: "DEPRECATED: General Special Element Problems", + Description: "This entry has been deprecated. It is a leftover from PLOVER, but CWE-138 is a more appropriate mapping.", + Lang: "en", + }, + "16": { + CweID: "16", + Name: "Configuration", + Description: "Weaknesses in this category are typically introduced during the configuration of the software.", + Lang: "en", + }, + "169": { + CweID: "169", + Name: "DEPRECATED: Technology-Specific Special Elements", + Description: "This category has been deprecated. It was originally intended as a \"catch-all\" for input validation problems in technologies that did not have their own CWE, but introduces unnecessary depth to the hierarchy.", + Lang: "en", + }, + "17": { + CweID: "17", + Name: "DEPRECATED: Code", + Description: "This entry has been deprecated. 
It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.", + Lang: "en", + }, + "171": { + CweID: "171", + Name: "DEPRECATED: Cleansing, Canonicalization, and Comparison Errors", + Description: "This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree. Weaknesses in this category were related to improper handling of data within protection mechanisms that attempt to perform neutralization for untrusted data. These weaknesses can be found in other similar categories.", + Lang: "en", + }, + "18": { + CweID: "18", + Name: "DEPRECATED: Source Code", + Description: "This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.", + Lang: "en", + }, + "189": { + CweID: "189", + Name: "Numeric Errors", + Description: "Weaknesses in this category are related to improper calculation or conversion of numbers.", + Lang: "en", + }, + "19": { + CweID: "19", + Name: "Data Processing Errors", + Description: "Weaknesses in this category are typically found in functionality that processes data. Data processing is the manipulation of input to retrieve or save information.", + Lang: "en", + }, + "199": { + CweID: "199", + Name: "Information Management Errors", + Description: "Weaknesses in this category are related to improper handling of sensitive information.", + Lang: "en", + }, + "2": { + CweID: "2", + Name: "7PK - Environment", + Description: "This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that are typically introduced during unexpected environmental conditions. 
According to the authors of the Seven Pernicious Kingdoms, \"This section includes everything that is outside of the source code but is still critical to the security of the product that is being created. Because the issues covered by this kingdom are not directly related to source code, we separated it from the rest of the kingdoms.\"", + Lang: "en", + }, + "21": { + CweID: "21", + Name: "DEPRECATED: Pathname Traversal and Equivalence Errors", + Description: "This category has been deprecated. It was originally used for organizing weaknesses involving file names, which enabled access to files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence). Consider using either the File Handling Issues category (CWE-1219) or the class Use of Incorrectly-Resolved Name or Reference (CWE-706).", + Lang: "en", + }, + "227": { + CweID: "227", + Name: "7PK - API Abuse", + Description: "This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that involve the software using an API in a manner contrary to its intended use. According to the authors of the Seven Pernicious Kingdoms, \"An API is a contract between a caller and a callee. The most common forms of API misuse occurs when the caller does not honor its end of this contract. For example, if a program does not call chdir() after calling chroot(), it violates the contract that specifies how to change the active root directory in a secure fashion. Another good example of library abuse is expecting the callee to return trustworthy DNS information to the caller. In this case, the caller misuses the callee API by making certain assumptions about its behavior (that the return value can be used for authentication purposes). One can also violate the caller-callee contract from the other side. 
For example, if a coder subclasses SecureRandom and returns a non-random value, the contract is violated.\"", + Lang: "en", + }, + "251": { + CweID: "251", + Name: "Often Misused: String Management", + Description: "Functions that manipulate strings encourage buffer overflows.", + Lang: "en", + }, + "254": { + CweID: "254", + Name: "7PK - Security Features", + Description: "Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.", + Lang: "en", + }, + "255": { + CweID: "255", + Name: "Credentials Management Errors", + Description: "Weaknesses in this category are related to the management of credentials.", + Lang: "en", + }, + "264": { + CweID: "264", + Name: "Permissions, Privileges, and Access Controls", + Description: "Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.", + Lang: "en", + }, + "265": { + CweID: "265", + Name: "Privilege Issues", + Description: "Weaknesses in this category occur with improper handling, assignment, or management of privileges. A privilege is a property of an agent, such as a user. It lets the agent do things that are not ordinarily allowed. For example, there are privileges which allow an agent to perform maintenance functions such as restart a computer.", + Lang: "en", + }, + "275": { + CweID: "275", + Name: "Permission Issues", + Description: "Weaknesses in this category are related to improper assignment or handling of permissions.", + Lang: "en", + }, + "3": { + CweID: "3", + Name: "DEPRECATED: Technology-specific Environment Issues", + Description: "This category has been deprecated. 
It was originally intended as a \"catch-all\" for environment issues for technologies that did not have their own CWE, but it introduced unnecessary depth and complexity to the Development View (CWE-699).", + Lang: "en", + }, + "310": { + CweID: "310", + Name: "Cryptographic Issues", + Description: "Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.", + Lang: "en", + }, + "320": { + CweID: "320", + Name: "Key Management Errors", + Description: "Weaknesses in this category are related to errors in the management of cryptographic keys.", + Lang: "en", + }, + "355": { + CweID: "355", + Name: "User Interface Security Issues", + Description: "Weaknesses in this category are related to or introduced in the User Interface (UI).", + Lang: "en", + }, + "361": { + CweID: "361", + Name: "7PK - Time and State", + Description: "This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses related to the improper management of time and state in an environment that supports simultaneous or near-simultaneous computation by multiple systems, processes, or threads. According to the authors of the Seven Pernicious Kingdoms, \"Distributed computation is about time and state. That is, in order for more than one component to communicate, state must be shared, and all that takes time. Most programmers anthropomorphize their work. They think about one thread of control carrying out the entire program in the same way they would if they had to do the job themselves. Modern computers, however, switch between tasks very quickly, and in multi-core, multi-CPU, or distributed systems, two events may take place at exactly the same time. 
Defects rush to fill the gap between the programmer's model of how a program executes and what happens in reality. These defects are related to unexpected interactions between threads, processes, time, and information. These interactions happen through shared state: semaphores, variables, the file system, and, basically, anything that can store information.\"", + Lang: "en", + }, + "371": { + CweID: "371", + Name: "State Issues", + Description: "Weaknesses in this category are related to improper management of system state.", + Lang: "en", + }, + "376": { + CweID: "376", + Name: "DEPRECATED: Temporary File Issues", + Description: "This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree. Consider using the File Handling Issues category (CWE-1219).", + Lang: "en", + }, + "380": { + CweID: "380", + Name: "DEPRECATED: Technology-Specific Time and State Issues", + Description: "This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.", + Lang: "en", + }, + "381": { + CweID: "381", + Name: "DEPRECATED: J2EE Time and State Issues", + Description: "This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.", + Lang: "en", + }, + "387": { + CweID: "387", + Name: "Signal Errors", + Description: "Weaknesses in this category are related to the improper handling of signals.", + Lang: "en", + }, + "388": { + CweID: "388", + Name: "7PK - Errors", + Description: "This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that occur when an application does not properly handle errors that occur during processing. 
According to the authors of the Seven Pernicious Kingdoms, \"Errors and error handling represent a class of API. Errors related to error handling are so common that they deserve a special kingdom of their own. As with 'API Abuse,' there are two ways to introduce an error-related security vulnerability: the most common one is handling errors poorly (or not at all). The second is producing errors that either give out too much information (to possible attackers) or are difficult to handle.\"", + Lang: "en", + }, + "389": { + CweID: "389", + Name: "Error Conditions, Return Values, Status Codes", + Description: "This category includes weaknesses that occur if a function does not generate the correct return/status code, or if the application does not handle all possible return/status codes that could be generated by a function. This type of problem is most often found in conditions that are rarely encountered during the normal operation of the product. Presumably, most bugs related to common conditions are found and eliminated during development and testing. In some cases, the attacker can directly control or influence the environment to trigger the rare conditions.", + Lang: "en", + }, + "398": { + CweID: "398", + Name: "7PK - Code Quality", + Description: "This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that do not directly introduce a weakness or vulnerability, but indicate that the product has not been carefully developed or maintained. According to the authors of the Seven Pernicious Kingdoms, \"Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. 
For an adversary it provides an opportunity to stress the system in unexpected ways.\"", + Lang: "en", + }, + "399": { + CweID: "399", + Name: "Resource Management Errors", + Description: "Weaknesses in this category are related to improper management of system resources.", + Lang: "en", + }, + "4": { + CweID: "4", + Name: "DEPRECATED: J2EE Environment Issues", + Description: "This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.", + Lang: "en", + }, + "411": { + CweID: "411", + Name: "Resource Locking Problems", + Description: "Weaknesses in this category are related to improper handling of locks that are used to control access to resources.", + Lang: "en", + }, + "417": { + CweID: "417", + Name: "Communication Channel Errors", + Description: "Weaknesses in this category are related to improper handling of communication channels and access paths. These weaknesses include problems in creating, managing, or removing alternate channels and alternate paths. Some of these can overlap virtual file problems and are commonly used in \"bypass\" attacks, such as those that exploit authentication errors.", + Lang: "en", + }, + "418": { + CweID: "418", + Name: "DEPRECATED: Channel Errors", + Description: "This category has been deprecated because it redundant with the grouping provided by CWE-417.", + Lang: "en", + }, + "429": { + CweID: "429", + Name: "Handler Errors", + Description: "Weaknesses in this category are related to improper management of handlers.", + Lang: "en", + }, + "438": { + CweID: "438", + Name: "Behavioral Problems", + Description: "Weaknesses in this category are related to unexpected behaviors from code that an application uses.", + Lang: "en", + }, + "442": { + CweID: "442", + Name: "DEPRECATED: Web Problems", + Description: "This entry has been deprecated. 
It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.", + Lang: "en", + }, + "445": { + CweID: "445", + Name: "DEPRECATED: User Interface Errors", + Description: "This weakness has been deprecated because it was a duplicate of CWE-355. All content has been transferred to CWE-355.", + Lang: "en", + }, + "452": { + CweID: "452", + Name: "Initialization and Cleanup Errors", + Description: "Weaknesses in this category occur in behaviors that are used for initialization and breakdown.", + Lang: "en", + }, + "461": { + CweID: "461", + Name: "DEPRECATED: Data Structure Issues", + Description: "This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.", + Lang: "en", + }, + "465": { + CweID: "465", + Name: "Pointer Issues", + Description: "Weaknesses in this category are related to improper handling of pointers.", + Lang: "en", + }, + "485": { + CweID: "485", + Name: "7PK - Encapsulation", + Description: "This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that occur when the product does not sufficiently encapsulate critical data or functionality. According to the authors of the Seven Pernicious Kingdoms, \"Encapsulation is about drawing strong boundaries. In a web browser that might mean ensuring that your mobile code cannot be abused by other mobile code. On the server it might mean differentiation between validated data and unvalidated data, between one user's data and another's, or between data users are allowed to see and data that they are not.\"", + Lang: "en", + }, + "490": { + CweID: "490", + Name: "DEPRECATED: Mobile Code Issues", + Description: "This entry has been deprecated. 
It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.", + Lang: "en", + }, + "503": { + CweID: "503", + Name: "DEPRECATED: Byte/Object Code", + Description: "This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.", + Lang: "en", + }, + "504": { + CweID: "504", + Name: "DEPRECATED: Motivation/Intent", + Description: "This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.", + Lang: "en", + }, + "505": { + CweID: "505", + Name: "DEPRECATED: Intentionally Introduced Weakness", + Description: "This category has been deprecated as it was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.", + Lang: "en", + }, + "513": { + CweID: "513", + Name: "DEPRECATED: Intentionally Introduced Nonmalicious Weakness", + Description: "This category has been deprecated as it was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.", + Lang: "en", + }, + "517": { + CweID: "517", + Name: "DEPRECATED: Other Intentional, Nonmalicious Weakness", + Description: "This category has been deprecated as it was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.", + Lang: "en", + }, + "518": { + CweID: "518", + Name: "DEPRECATED: Inadvertently Introduced Weakness", + Description: "This category has been deprecated as it was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.", + Lang: "en", + }, + "519": { + 
CweID: "519", + Name: "DEPRECATED: .NET Environment Issues", + Description: "This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.", + Lang: "en", + }, + "557": { + CweID: "557", + Name: "Concurrency Issues", + Description: "Weaknesses in this category are related to concurrent use of shared resources.", + Lang: "en", + }, + "559": { + CweID: "559", + Name: "DEPRECATED: Often Misused: Arguments and Parameters", + Description: "This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.", + Lang: "en", + }, + "569": { + CweID: "569", + Name: "Expression Issues", + Description: "Weaknesses in this category are related to incorrectly written expressions within code.", + Lang: "en", + }, + "60": { + CweID: "60", + Name: "DEPRECATED: UNIX Path Link Problems", + Description: "This category has been deprecated. It covered a very low level of abstraction based on operating system, which was not useful for any existing view.", + Lang: "en", + }, + "63": { + CweID: "63", + Name: "DEPRECATED: Windows Path Link Problems", + Description: "This category has been deprecated. It covered a very low level of abstraction based on operating system, which was not useful for any existing view.", + Lang: "en", + }, + "632": { + CweID: "632", + Name: "DEPRECATED: Weaknesses that Affect Files or Directories", + Description: "This category has been deprecated. It was not actively maintained, and it was not useful to stakeholders. It was originally created before CWE 1.0 as part of view CWE-631, which was a simple example of how views could be structured within CWE.", + Lang: "en", + }, + "633": { + CweID: "633", + Name: "DEPRECATED: Weaknesses that Affect Memory", + Description: "This category has been deprecated. 
It was not actively maintained, and it was not useful to stakeholders. It was originally created before CWE 1.0 as part of view CWE-631, which was a simple example of how views could be structured within CWE.", + Lang: "en", + }, + "634": { + CweID: "634", + Name: "DEPRECATED: Weaknesses that Affect System Processes", + Description: "This category has been deprecated. It was not actively maintained, and it was not useful to stakeholders. It was originally created before CWE 1.0 as part of view CWE-631, which was a simple example of how views could be structured within CWE.", + Lang: "en", + }, + "68": { + CweID: "68", + Name: "DEPRECATED: Windows Virtual File Problems", + Description: "This category has been deprecated as it was found to be an unnecessary abstraction of platform specific details. Please refer to the category CWE-632 and weakness CWE-66 for relevant relationships.", + Lang: "en", + }, + "70": { + CweID: "70", + Name: "DEPRECATED: Mac Virtual File Problems", + Description: "This category has been deprecated as it was found to be an unnecessary abstraction of platform specific details. 
Please refer to the category CWE-632 and weakness CWE-66 for relevant relationships.", + Lang: "en", + }, + "712": { + CweID: "712", + Name: "OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS)", + Description: "Weaknesses in this category are related to the A1 category in the OWASP Top Ten 2007.", + Lang: "en", + }, + "713": { + CweID: "713", + Name: "OWASP Top Ten 2007 Category A2 - Injection Flaws", + Description: "Weaknesses in this category are related to the A2 category in the OWASP Top Ten 2007.", + Lang: "en", + }, + "714": { + CweID: "714", + Name: "OWASP Top Ten 2007 Category A3 - Malicious File Execution", + Description: "Weaknesses in this category are related to the A3 category in the OWASP Top Ten 2007.", + Lang: "en", + }, + "715": { + CweID: "715", + Name: "OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference", + Description: "Weaknesses in this category are related to the A4 category in the OWASP Top Ten 2007.", + Lang: "en", + }, + "716": { + CweID: "716", + Name: "OWASP Top Ten 2007 Category A5 - Cross Site Request Forgery (CSRF)", + Description: "Weaknesses in this category are related to the A5 category in the OWASP Top Ten 2007.", + Lang: "en", + }, + "717": { + CweID: "717", + Name: "OWASP Top Ten 2007 Category A6 - Information Leakage and Improper Error Handling", + Description: "Weaknesses in this category are related to the A6 category in the OWASP Top Ten 2007.", + Lang: "en", + }, + "718": { + CweID: "718", + Name: "OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management", + Description: "Weaknesses in this category are related to the A7 category in the OWASP Top Ten 2007.", + Lang: "en", + }, + "719": { + CweID: "719", + Name: "OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage", + Description: "Weaknesses in this category are related to the A8 category in the OWASP Top Ten 2007.", + Lang: "en", + }, + "720": { + CweID: "720", + Name: "OWASP Top Ten 2007 Category A9 - Insecure 
Communications", + Description: "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2007.", + Lang: "en", + }, + "721": { + CweID: "721", + Name: "OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access", + Description: "Weaknesses in this category are related to the A10 category in the OWASP Top Ten 2007.", + Lang: "en", + }, + "722": { + CweID: "722", + Name: "OWASP Top Ten 2004 Category A1 - Unvalidated Input", + Description: "Weaknesses in this category are related to the A1 category in the OWASP Top Ten 2004.", + Lang: "en", + }, + "723": { + CweID: "723", + Name: "OWASP Top Ten 2004 Category A2 - Broken Access Control", + Description: "Weaknesses in this category are related to the A2 category in the OWASP Top Ten 2004.", + Lang: "en", + }, + "724": { + CweID: "724", + Name: "OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management", + Description: "Weaknesses in this category are related to the A3 category in the OWASP Top Ten 2004.", + Lang: "en", + }, + "725": { + CweID: "725", + Name: "OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws", + Description: "Weaknesses in this category are related to the A4 category in the OWASP Top Ten 2004.", + Lang: "en", + }, + "726": { + CweID: "726", + Name: "OWASP Top Ten 2004 Category A5 - Buffer Overflows", + Description: "Weaknesses in this category are related to the A5 category in the OWASP Top Ten 2004.", + Lang: "en", + }, + "727": { + CweID: "727", + Name: "OWASP Top Ten 2004 Category A6 - Injection Flaws", + Description: "Weaknesses in this category are related to the A6 category in the OWASP Top Ten 2004.", + Lang: "en", + }, + "728": { + CweID: "728", + Name: "OWASP Top Ten 2004 Category A7 - Improper Error Handling", + Description: "Weaknesses in this category are related to the A7 category in the OWASP Top Ten 2004.", + Lang: "en", + }, + "729": { + CweID: "729", + Name: "OWASP Top Ten 2004 Category A8 - Insecure Storage", + 
Description: "Weaknesses in this category are related to the A8 category in the OWASP Top Ten 2004.", + Lang: "en", + }, + "730": { + CweID: "730", + Name: "OWASP Top Ten 2004 Category A9 - Denial of Service", + Description: "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2004.", + Lang: "en", + }, + "731": { + CweID: "731", + Name: "OWASP Top Ten 2004 Category A10 - Insecure Configuration Management", + Description: "Weaknesses in this category are related to the A10 category in the OWASP Top Ten 2004.", + Lang: "en", + }, + "735": { + CweID: "735", + Name: "CERT C Secure Coding Standard (2008) Chapter 2 - Preprocessor (PRE)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Preprocessor (PRE) chapter of the CERT C Secure Coding Standard (2008).", + Lang: "en", + }, + "736": { + CweID: "736", + Name: "CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Declarations and Initialization (DCL) chapter of the CERT C Secure Coding Standard (2008).", + Lang: "en", + }, + "737": { + CweID: "737", + Name: "CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Expressions (EXP) chapter of the CERT C Secure Coding Standard (2008).", + Lang: "en", + }, + "738": { + CweID: "738", + Name: "CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Integers (INT) chapter of the CERT C Secure Coding Standard (2008).", + Lang: "en", + }, + "739": { + CweID: "739", + Name: "CERT C Secure Coding Standard (2008) Chapter 6 - Floating Point (FLP)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Floating Point (FLP) 
chapter of the CERT C Secure Coding Standard (2008).", + Lang: "en", + }, + "740": { + CweID: "740", + Name: "CERT C Secure Coding Standard (2008) Chapter 7 - Arrays (ARR)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Arrays (ARR) chapter of the CERT C Secure Coding Standard (2008).", + Lang: "en", + }, + "741": { + CweID: "741", + Name: "CERT C Secure Coding Standard (2008) Chapter 8 - Characters and Strings (STR)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Characters and Strings (STR) chapter of the CERT C Secure Coding Standard (2008).", + Lang: "en", + }, + "742": { + CweID: "742", + Name: "CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Memory Management (MEM) chapter of the CERT C Secure Coding Standard (2008).", + Lang: "en", + }, + "743": { + CweID: "743", + Name: "CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Input Output (FIO) chapter of the CERT C Secure Coding Standard (2008).", + Lang: "en", + }, + "744": { + CweID: "744", + Name: "CERT C Secure Coding Standard (2008) Chapter 11 - Environment (ENV)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Environment (ENV) chapter of the CERT C Secure Coding Standard (2008).", + Lang: "en", + }, + "745": { + CweID: "745", + Name: "CERT C Secure Coding Standard (2008) Chapter 12 - Signals (SIG)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Signals (SIG) chapter of the CERT C Secure Coding Standard (2008).", + Lang: "en", + }, + "746": { + CweID: "746", + Name: "CERT C Secure Coding Standard (2008) Chapter 13 - Error Handling (ERR)", + Description: "Weaknesses in this 
category are related to the rules and recommendations in the Error Handling (ERR) chapter of the CERT C Secure Coding Standard (2008).", + Lang: "en", + }, + "747": { + CweID: "747", + Name: "CERT C Secure Coding Standard (2008) Chapter 14 - Miscellaneous (MSC)", + Description: "Weaknesses in this category are related to the rules and recommendations in the Miscellaneous (MSC) chapter of the CERT C Secure Coding Standard (2008).", + Lang: "en", + }, + "748": { + CweID: "748", + Name: "CERT C Secure Coding Standard (2008) Appendix - POSIX (POS)", + Description: "Weaknesses in this category are related to the rules and recommendations in the POSIX (POS) appendix of the CERT C Secure Coding Standard (2008).", + Lang: "en", + }, + "751": { + CweID: "751", + Name: "2009 Top 25 - Insecure Interaction Between Components", + Description: "Weaknesses in this category are listed in the \"Insecure Interaction Between Components\" section of the 2009 CWE/SANS Top 25 Programming Errors.", + Lang: "en", + }, + "752": { + CweID: "752", + Name: "2009 Top 25 - Risky Resource Management", + Description: "Weaknesses in this category are listed in the \"Risky Resource Management\" section of the 2009 CWE/SANS Top 25 Programming Errors.", + Lang: "en", + }, + "753": { + CweID: "753", + Name: "2009 Top 25 - Porous Defenses", + Description: "Weaknesses in this category are listed in the \"Porous Defenses\" section of the 2009 CWE/SANS Top 25 Programming Errors.", + Lang: "en", + }, + "801": { + CweID: "801", + Name: "2010 Top 25 - Insecure Interaction Between Components", + Description: "Weaknesses in this category are listed in the \"Insecure Interaction Between Components\" section of the 2010 CWE/SANS Top 25 Programming Errors.", + Lang: "en", + }, + "802": { + CweID: "802", + Name: "2010 Top 25 - Risky Resource Management", + Description: "Weaknesses in this category are listed in the \"Risky Resource Management\" section of the 2010 CWE/SANS Top 25 Programming Errors.", + Lang: 
"en", + }, + "803": { + CweID: "803", + Name: "2010 Top 25 - Porous Defenses", + Description: "Weaknesses in this category are listed in the \"Porous Defenses\" section of the 2010 CWE/SANS Top 25 Programming Errors.", + Lang: "en", + }, + "808": { + CweID: "808", + Name: "2010 Top 25 - Weaknesses On the Cusp", + Description: "Weaknesses in this category are not part of the general Top 25, but they were part of the original nominee list from which the Top 25 was drawn.", + Lang: "en", + }, + "810": { + CweID: "810", + Name: "OWASP Top Ten 2010 Category A1 - Injection", + Description: "Weaknesses in this category are related to the A1 category in the OWASP Top Ten 2010.", + Lang: "en", + }, + "811": { + CweID: "811", + Name: "OWASP Top Ten 2010 Category A2 - Cross-Site Scripting (XSS)", + Description: "Weaknesses in this category are related to the A2 category in the OWASP Top Ten 2010.", + Lang: "en", + }, + "812": { + CweID: "812", + Name: "OWASP Top Ten 2010 Category A3 - Broken Authentication and Session Management", + Description: "Weaknesses in this category are related to the A3 category in the OWASP Top Ten 2010.", + Lang: "en", + }, + "813": { + CweID: "813", + Name: "OWASP Top Ten 2010 Category A4 - Insecure Direct Object References", + Description: "Weaknesses in this category are related to the A4 category in the OWASP Top Ten 2010.", + Lang: "en", + }, + "814": { + CweID: "814", + Name: "OWASP Top Ten 2010 Category A5 - Cross-Site Request Forgery(CSRF)", + Description: "Weaknesses in this category are related to the A5 category in the OWASP Top Ten 2010.", + Lang: "en", + }, + "815": { + CweID: "815", + Name: "OWASP Top Ten 2010 Category A6 - Security Misconfiguration", + Description: "Weaknesses in this category are related to the A6 category in the OWASP Top Ten 2010.", + Lang: "en", + }, + "816": { + CweID: "816", + Name: "OWASP Top Ten 2010 Category A7 - Insecure Cryptographic Storage", + Description: "Weaknesses in this category are related to the 
A7 category in the OWASP Top Ten 2010.", + Lang: "en", + }, + "817": { + CweID: "817", + Name: "OWASP Top Ten 2010 Category A8 - Failure to Restrict URL Access", + Description: "Weaknesses in this category are related to the A8 category in the OWASP Top Ten 2010.", + Lang: "en", + }, + "818": { + CweID: "818", + Name: "OWASP Top Ten 2010 Category A9 - Insufficient Transport Layer Protection", + Description: "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2010.", + Lang: "en", + }, + "819": { + CweID: "819", + Name: "OWASP Top Ten 2010 Category A10 - Unvalidated Redirects and Forwards", + Description: "Weaknesses in this category are related to the A10 category in the OWASP Top Ten 2010.", + Lang: "en", + }, + "840": { + CweID: "840", + Name: "Business Logic Errors", + Description: "Weaknesses in this category identify some of the underlying problems that commonly allow attackers to manipulate the business logic of an application. Errors in business logic can be devastating to an entire application. They can be difficult to find automatically, since they typically involve legitimate use of the application's functionality. 
However, many business logic errors can exhibit patterns that are similar to well-understood implementation and design weaknesses.", + Lang: "en", + }, + "845": { + CweID: "845", + Name: "The CERT Oracle Secure Coding Standard for Java (2011) Chapter 2 - Input Validation and Data Sanitization (IDS)", + Description: "Weaknesses in this category are related to rules in the Input Validation and Data Sanitization (IDS) chapter of The CERT Oracle Secure Coding Standard for Java (2011).", + Lang: "en", + }, + "846": { + CweID: "846", + Name: "The CERT Oracle Secure Coding Standard for Java (2011) Chapter 3 - Declarations and Initialization (DCL)", + Description: "Weaknesses in this category are related to rules in the Declarations and Initialization (DCL) chapter of The CERT Oracle Secure Coding Standard for Java (2011).", + Lang: "en", + }, + "847": { + CweID: "847", + Name: "The CERT Oracle Secure Coding Standard for Java (2011) Chapter 4 - Expressions (EXP)", + Description: "Weaknesses in this category are related to rules in the Expressions (EXP) chapter of The CERT Oracle Secure Coding Standard for Java (2011).", + Lang: "en", + }, + "848": { + CweID: "848", + Name: "The CERT Oracle Secure Coding Standard for Java (2011) Chapter 5 - Numeric Types and Operations (NUM)", + Description: "Weaknesses in this category are related to rules in the Numeric Types and Operations (NUM) chapter of The CERT Oracle Secure Coding Standard for Java (2011).", + Lang: "en", + }, + "849": { + CweID: "849", + Name: "The CERT Oracle Secure Coding Standard for Java (2011) Chapter 6 - Object Orientation (OBJ)", + Description: "Weaknesses in this category are related to rules in the Object Orientation (OBJ) chapter of The CERT Oracle Secure Coding Standard for Java (2011).", + Lang: "en", + }, + "850": { + CweID: "850", + Name: "The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET)", + Description: "Weaknesses in this category are related to rules in the Methods 
(MET) chapter of The CERT Oracle Secure Coding Standard for Java (2011).", + Lang: "en", + }, + "851": { + CweID: "851", + Name: "The CERT Oracle Secure Coding Standard for Java (2011) Chapter 8 - Exceptional Behavior (ERR)", + Description: "Weaknesses in this category are related to rules in the Exceptional Behavior (ERR) chapter of The CERT Oracle Secure Coding Standard for Java (2011).", + Lang: "en", + }, + "852": { + CweID: "852", + Name: "The CERT Oracle Secure Coding Standard for Java (2011) Chapter 9 - Visibility and Atomicity (VNA)", + Description: "Weaknesses in this category are related to rules in the Visibility and Atomicity (VNA) chapter of The CERT Oracle Secure Coding Standard for Java (2011).", + Lang: "en", + }, + "853": { + CweID: "853", + Name: "The CERT Oracle Secure Coding Standard for Java (2011) Chapter 10 - Locking (LCK)", + Description: "Weaknesses in this category are related to rules in the Locking (LCK) chapter of The CERT Oracle Secure Coding Standard for Java (2011).", + Lang: "en", + }, + "854": { + CweID: "854", + Name: "The CERT Oracle Secure Coding Standard for Java (2011) Chapter 11 - Thread APIs (THI)", + Description: "Weaknesses in this category are related to rules in the Thread APIs (THI) chapter of The CERT Oracle Secure Coding Standard for Java (2011).", + Lang: "en", + }, + "855": { + CweID: "855", + Name: "The CERT Oracle Secure Coding Standard for Java (2011) Chapter 12 - Thread Pools (TPS)", + Description: "Weaknesses in this category are related to rules in the Thread Pools (TPS) chapter of The CERT Oracle Secure Coding Standard for Java (2011).", + Lang: "en", + }, + "856": { + CweID: "856", + Name: "The CERT Oracle Secure Coding Standard for Java (2011) Chapter 13 - Thread-Safety Miscellaneous (TSM)", + Description: "Weaknesses in this category are related to rules in the Thread-Safety Miscellaneous (TSM) chapter of The CERT Oracle Secure Coding Standard for Java (2011).", + Lang: "en", + }, + "857": { + CweID: 
"857", + Name: "The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO)", + Description: "Weaknesses in this category are related to rules in the Input Output (FIO) chapter of The CERT Oracle Secure Coding Standard for Java (2011).", + Lang: "en", + }, + "858": { + CweID: "858", + Name: "The CERT Oracle Secure Coding Standard for Java (2011) Chapter 15 - Serialization (SER)", + Description: "Weaknesses in this category are related to rules in the Serialization (SER) chapter of The CERT Oracle Secure Coding Standard for Java (2011).", + Lang: "en", + }, + "859": { + CweID: "859", + Name: "The CERT Oracle Secure Coding Standard for Java (2011) Chapter 16 - Platform Security (SEC)", + Description: "Weaknesses in this category are related to rules in the Platform Security (SEC) chapter of The CERT Oracle Secure Coding Standard for Java (2011).", + Lang: "en", + }, + "860": { + CweID: "860", + Name: "The CERT Oracle Secure Coding Standard for Java (2011) Chapter 17 - Runtime Environment (ENV)", + Description: "Weaknesses in this category are related to rules in the Runtime Environment (ENV) chapter of The CERT Oracle Secure Coding Standard for Java (2011).", + Lang: "en", + }, + "861": { + CweID: "861", + Name: "The CERT Oracle Secure Coding Standard for Java (2011) Chapter 18 - Miscellaneous (MSC)", + Description: "Weaknesses in this category are related to rules in the Miscellaneous (MSC) chapter of The CERT Oracle Secure Coding Standard for Java (2011).", + Lang: "en", + }, + "864": { + CweID: "864", + Name: "2011 Top 25 - Insecure Interaction Between Components", + Description: "Weaknesses in this category are listed in the \"Insecure Interaction Between Components\" section of the 2011 CWE/SANS Top 25 Most Dangerous Software Errors.", + Lang: "en", + }, + "865": { + CweID: "865", + Name: "2011 Top 25 - Risky Resource Management", + Description: "Weaknesses in this category are listed in the \"Risky Resource Management\" section of the 
2011 CWE/SANS Top 25 Most Dangerous Software Errors.", + Lang: "en", + }, + "866": { + CweID: "866", + Name: "2011 Top 25 - Porous Defenses", + Description: "Weaknesses in this category are listed in the \"Porous Defenses\" section of the 2011 CWE/SANS Top 25 Most Dangerous Software Errors.", + Lang: "en", + }, + "867": { + CweID: "867", + Name: "2011 Top 25 - Weaknesses On the Cusp", + Description: "Weaknesses in this category are not part of the general Top 25, but they were part of the original nominee list from which the Top 25 was drawn.", + Lang: "en", + }, + "869": { + CweID: "869", + Name: "CERT C++ Secure Coding Section 01 - Preprocessor (PRE)", + Description: "Weaknesses in this category are related to rules in the Preprocessor (PRE) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.", + Lang: "en", + }, + "870": { + CweID: "870", + Name: "CERT C++ Secure Coding Section 02 - Declarations and Initialization (DCL)", + Description: "Weaknesses in this category are related to rules in the Declarations and Initialization (DCL) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.", + Lang: "en", + }, + "871": { + CweID: "871", + Name: "CERT C++ Secure Coding Section 03 - Expressions (EXP)", + Description: "Weaknesses in this category are related to rules in the Expressions (EXP) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.", + Lang: "en", + }, + "872": { + CweID: "872", + Name: "CERT C++ Secure Coding Section 04 - Integers (INT)", + Description: "Weaknesses in this category are related to rules in the Integers (INT) section of the CERT C++ Secure Coding Standard. 
Since not all rules map to specific weaknesses, this category may be incomplete.", + Lang: "en", + }, + "873": { + CweID: "873", + Name: "CERT C++ Secure Coding Section 05 - Floating Point Arithmetic (FLP)", + Description: "Weaknesses in this category are related to rules in the Floating Point Arithmetic (FLP) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.", + Lang: "en", + }, + "874": { + CweID: "874", + Name: "CERT C++ Secure Coding Section 06 - Arrays and the STL (ARR)", + Description: "Weaknesses in this category are related to rules in the Arrays and the STL (ARR) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.", + Lang: "en", + }, + "875": { + CweID: "875", + Name: "CERT C++ Secure Coding Section 07 - Characters and Strings (STR)", + Description: "Weaknesses in this category are related to rules in the Characters and Strings (STR) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.", + Lang: "en", + }, + "876": { + CweID: "876", + Name: "CERT C++ Secure Coding Section 08 - Memory Management (MEM)", + Description: "Weaknesses in this category are related to rules in the Memory Management (MEM) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.", + Lang: "en", + }, + "877": { + CweID: "877", + Name: "CERT C++ Secure Coding Section 09 - Input Output (FIO)", + Description: "Weaknesses in this category are related to rules in the Input Output (FIO) section of the CERT C++ Secure Coding Standard. 
Since not all rules map to specific weaknesses, this category may be incomplete.", + Lang: "en", + }, + "878": { + CweID: "878", + Name: "CERT C++ Secure Coding Section 10 - Environment (ENV)", + Description: "Weaknesses in this category are related to rules in the Environment (ENV) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.", + Lang: "en", + }, + "879": { + CweID: "879", + Name: "CERT C++ Secure Coding Section 11 - Signals (SIG)", + Description: "Weaknesses in this category are related to rules in the Signals (SIG) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.", + Lang: "en", + }, + "880": { + CweID: "880", + Name: "CERT C++ Secure Coding Section 12 - Exceptions and Error Handling (ERR)", + Description: "Weaknesses in this category are related to rules in the Exceptions and Error Handling (ERR) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.", + Lang: "en", + }, + "881": { + CweID: "881", + Name: "CERT C++ Secure Coding Section 13 - Object Oriented Programming (OOP)", + Description: "Weaknesses in this category are related to rules in the Object Oriented Programming (OOP) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.", + Lang: "en", + }, + "882": { + CweID: "882", + Name: "CERT C++ Secure Coding Section 14 - Concurrency (CON)", + Description: "Weaknesses in this category are related to rules in the Concurrency (CON) section of the CERT C++ Secure Coding Standard. 
Since not all rules map to specific weaknesses, this category may be incomplete.", + Lang: "en", + }, + "883": { + CweID: "883", + Name: "CERT C++ Secure Coding Section 49 - Miscellaneous (MSC)", + Description: "Weaknesses in this category are related to rules in the Miscellaneous (MSC) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.", + Lang: "en", + }, + "885": { + CweID: "885", + Name: "SFP Primary Cluster: Risky Values", + Description: "This category identifies Software Fault Patterns (SFPs) within the Risky Values cluster (SFP1).", + Lang: "en", + }, + "886": { + CweID: "886", + Name: "SFP Primary Cluster: Unused entities", + Description: "This category identifies Software Fault Patterns (SFPs) within the Unused entities cluster (SFP2).", + Lang: "en", + }, + "887": { + CweID: "887", + Name: "SFP Primary Cluster: API", + Description: "This category identifies Software Fault Patterns (SFPs) within the API cluster (SFP3).", + Lang: "en", + }, + "889": { + CweID: "889", + Name: "SFP Primary Cluster: Exception Management", + Description: "This category identifies Software Fault Patterns (SFPs) within the Exception Management cluster (SFP4, SFP5, SFP6).", + Lang: "en", + }, + "890": { + CweID: "890", + Name: "SFP Primary Cluster: Memory Access", + Description: "This category identifies Software Fault Patterns (SFPs) within the Memory Access cluster (SFP7, SFP8).", + Lang: "en", + }, + "891": { + CweID: "891", + Name: "SFP Primary Cluster: Memory Management", + Description: "This category identifies Software Fault Patterns (SFPs) within the Memory Management cluster (SFP38).", + Lang: "en", + }, + "892": { + CweID: "892", + Name: "SFP Primary Cluster: Resource Management", + Description: "This category identifies Software Fault Patterns (SFPs) within the Resource Management cluster (SFP37).", + Lang: "en", + }, + "893": { + CweID: "893", + Name: "SFP Primary Cluster: Path Resolution", + 
Description: "This category identifies Software Fault Patterns (SFPs) within the Path Resolution cluster (SFP16, SFP17, SFP18).", + Lang: "en", + }, + "894": { + CweID: "894", + Name: "SFP Primary Cluster: Synchronization", + Description: "This category identifies Software Fault Patterns (SFPs) within the Synchronization cluster (SFP19, SFP20, SFP21, SFP22).", + Lang: "en", + }, + "895": { + CweID: "895", + Name: "SFP Primary Cluster: Information Leak", + Description: "This category identifies Software Fault Patterns (SFPs) within the Information Leak cluster (SFP23).", + Lang: "en", + }, + "896": { + CweID: "896", + Name: "SFP Primary Cluster: Tainted Input", + Description: "This category identifies Software Fault Patterns (SFPs) within the Tainted Input cluster (SFP24, SFP25, SFP26, SFP27).", + Lang: "en", + }, + "897": { + CweID: "897", + Name: "SFP Primary Cluster: Entry Points", + Description: "This category identifies Software Fault Patterns (SFPs) within the Entry Points cluster (SFP28).", + Lang: "en", + }, + "898": { + CweID: "898", + Name: "SFP Primary Cluster: Authentication", + Description: "This category identifies Software Fault Patterns (SFPs) within the Authentication cluster (SFP29, SFP30, SFP31, SFP32, SFP33, SFP34).", + Lang: "en", + }, + "899": { + CweID: "899", + Name: "SFP Primary Cluster: Access Control", + Description: "This category identifies Software Fault Patterns (SFPs) within the Access Control cluster (SFP35).", + Lang: "en", + }, + "901": { + CweID: "901", + Name: "SFP Primary Cluster: Privilege", + Description: "This category identifies Software Fault Patterns (SFPs) within the Privilege cluster (SFP36).", + Lang: "en", + }, + "902": { + CweID: "902", + Name: "SFP Primary Cluster: Channel", + Description: "This category identifies Software Fault Patterns (SFPs) within the Channel cluster.", + Lang: "en", + }, + "903": { + CweID: "903", + Name: "SFP Primary Cluster: Cryptography", + Description: "This category identifies Software 
Fault Patterns (SFPs) within the Cryptography cluster.", + Lang: "en", + }, + "904": { + CweID: "904", + Name: "SFP Primary Cluster: Malware", + Description: "This category identifies Software Fault Patterns (SFPs) within the Malware cluster.", + Lang: "en", + }, + "905": { + CweID: "905", + Name: "SFP Primary Cluster: Predictability", + Description: "This category identifies Software Fault Patterns (SFPs) within the Predictability cluster.", + Lang: "en", + }, + "906": { + CweID: "906", + Name: "SFP Primary Cluster: UI", + Description: "This category identifies Software Fault Patterns (SFPs) within the UI cluster.", + Lang: "en", + }, + "907": { + CweID: "907", + Name: "SFP Primary Cluster: Other", + Description: "This category identifies Software Fault Patterns (SFPs) within the Other cluster.", + Lang: "en", + }, + "929": { + CweID: "929", + Name: "OWASP Top Ten 2013 Category A1 - Injection", + Description: "Weaknesses in this category are related to the A1 category in the OWASP Top Ten 2013.", + Lang: "en", + }, + "930": { + CweID: "930", + Name: "OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management", + Description: "Weaknesses in this category are related to the A2 category in the OWASP Top Ten 2013.", + Lang: "en", + }, + "931": { + CweID: "931", + Name: "OWASP Top Ten 2013 Category A3 - Cross-Site Scripting (XSS)", + Description: "Weaknesses in this category are related to the A3 category in the OWASP Top Ten 2013.", + Lang: "en", + }, + "932": { + CweID: "932", + Name: "OWASP Top Ten 2013 Category A4 - Insecure Direct Object References", + Description: "Weaknesses in this category are related to the A4 category in the OWASP Top Ten 2013.", + Lang: "en", + }, + "933": { + CweID: "933", + Name: "OWASP Top Ten 2013 Category A5 - Security Misconfiguration", + Description: "Weaknesses in this category are related to the A5 category in the OWASP Top Ten 2013.", + Lang: "en", + }, + "934": { + CweID: "934", + Name: "OWASP Top Ten 2013 
Category A6 - Sensitive Data Exposure", + Description: "Weaknesses in this category are related to the A6 category in the OWASP Top Ten 2013.", + Lang: "en", + }, + "935": { + CweID: "935", + Name: "OWASP Top Ten 2013 Category A7 - Missing Function Level Access Control", + Description: "Weaknesses in this category are related to the A7 category in the OWASP Top Ten 2013.", + Lang: "en", + }, + "936": { + CweID: "936", + Name: "OWASP Top Ten 2013 Category A8 - Cross-Site Request Forgery (CSRF)", + Description: "Weaknesses in this category are related to the A8 category in the OWASP Top Ten 2013.", + Lang: "en", + }, + "937": { + CweID: "937", + Name: "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", + Description: "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.", + Lang: "en", + }, + "938": { + CweID: "938", + Name: "OWASP Top Ten 2013 Category A10 - Unvalidated Redirects and Forwards", + Description: "Weaknesses in this category are related to the A10 category in the OWASP Top Ten 2013.", + Lang: "en", + }, + "944": { + CweID: "944", + Name: "SFP Secondary Cluster: Access Management", + Description: "This category identifies Software Fault Patterns (SFPs) within the Access Management cluster.", + Lang: "en", + }, + "945": { + CweID: "945", + Name: "SFP Secondary Cluster: Insecure Resource Access", + Description: "This category identifies Software Fault Patterns (SFPs) within the Insecure Resource Access cluster (SFP35).", + Lang: "en", + }, + "946": { + CweID: "946", + Name: "SFP Secondary Cluster: Insecure Resource Permissions", + Description: "This category identifies Software Fault Patterns (SFPs) within the Insecure Resource Permissions cluster.", + Lang: "en", + }, + "947": { + CweID: "947", + Name: "SFP Secondary Cluster: Authentication Bypass", + Description: "This category identifies Software Fault Patterns (SFPs) within the Authentication Bypass cluster.", + Lang: "en", + }, + "948": { + 
CweID: "948", + Name: "SFP Secondary Cluster: Digital Certificate", + Description: "This category identifies Software Fault Patterns (SFPs) within the Digital Certificate cluster.", + Lang: "en", + }, + "949": { + CweID: "949", + Name: "SFP Secondary Cluster: Faulty Endpoint Authentication", + Description: "This category identifies Software Fault Patterns (SFPs) within the Faulty Endpoint Authentication cluster (SFP29).", + Lang: "en", + }, + "950": { + CweID: "950", + Name: "SFP Secondary Cluster: Hardcoded Sensitive Data", + Description: "This category identifies Software Fault Patterns (SFPs) within the Hardcoded Sensitive Data cluster (SFP33).", + Lang: "en", + }, + "951": { + CweID: "951", + Name: "SFP Secondary Cluster: Insecure Authentication Policy", + Description: "This category identifies Software Fault Patterns (SFPs) within the Insecure Authentication Policy cluster.", + Lang: "en", + }, + "952": { + CweID: "952", + Name: "SFP Secondary Cluster: Missing Authentication", + Description: "This category identifies Software Fault Patterns (SFPs) within the Missing Authentication cluster.", + Lang: "en", + }, + "953": { + CweID: "953", + Name: "SFP Secondary Cluster: Missing Endpoint Authentication", + Description: "This category identifies Software Fault Patterns (SFPs) within the Missing Endpoint Authentication cluster (SFP30).", + Lang: "en", + }, + "954": { + CweID: "954", + Name: "SFP Secondary Cluster: Multiple Binds to the Same Port", + Description: "This category identifies Software Fault Patterns (SFPs) within the Multiple Binds to the Same Port cluster (SFP32).", + Lang: "en", + }, + "955": { + CweID: "955", + Name: "SFP Secondary Cluster: Unrestricted Authentication", + Description: "This category identifies Software Fault Patterns (SFPs) within the Unrestricted Authentication cluster (SFP34).", + Lang: "en", + }, + "956": { + CweID: "956", + Name: "SFP Secondary Cluster: Channel Attack", + Description: "This category identifies Software Fault 
Patterns (SFPs) within the Channel Attack cluster.", + Lang: "en", + }, + "957": { + CweID: "957", + Name: "SFP Secondary Cluster: Protocol Error", + Description: "This category identifies Software Fault Patterns (SFPs) within the Protocol Error cluster.", + Lang: "en", + }, + "958": { + CweID: "958", + Name: "SFP Secondary Cluster: Broken Cryptography", + Description: "This category identifies Software Fault Patterns (SFPs) within the Broken Cryptography cluster.", + Lang: "en", + }, + "959": { + CweID: "959", + Name: "SFP Secondary Cluster: Weak Cryptography", + Description: "This category identifies Software Fault Patterns (SFPs) within the Weak Cryptography cluster.", + Lang: "en", + }, + "960": { + CweID: "960", + Name: "SFP Secondary Cluster: Ambiguous Exception Type", + Description: "This category identifies Software Fault Patterns (SFPs) within the Ambiguous Exception Type cluster (SFP5).", + Lang: "en", + }, + "961": { + CweID: "961", + Name: "SFP Secondary Cluster: Incorrect Exception Behavior", + Description: "This category identifies Software Fault Patterns (SFPs) within the Incorrect Exception Behavior cluster (SFP6).", + Lang: "en", + }, + "962": { + CweID: "962", + Name: "SFP Secondary Cluster: Unchecked Status Condition", + Description: "This category identifies Software Fault Patterns (SFPs) within the Unchecked Status Condition cluster (SFP4).", + Lang: "en", + }, + "963": { + CweID: "963", + Name: "SFP Secondary Cluster: Exposed Data", + Description: "This category identifies Software Fault Patterns (SFPs) within the Exposed Data cluster (SFP23).", + Lang: "en", + }, + "964": { + CweID: "964", + Name: "SFP Secondary Cluster: Exposure Temporary File", + Description: "This category identifies Software Fault Patterns (SFPs) within the Exposure Temporary File cluster.", + Lang: "en", + }, + "965": { + CweID: "965", + Name: "SFP Secondary Cluster: Insecure Session Management", + Description: "This category identifies Software Fault Patterns (SFPs) 
within the Insecure Session Management cluster.", + Lang: "en", + }, + "966": { + CweID: "966", + Name: "SFP Secondary Cluster: Other Exposures", + Description: "This category identifies Software Fault Patterns (SFPs) within the Other Exposures cluster.", + Lang: "en", + }, + "967": { + CweID: "967", + Name: "SFP Secondary Cluster: State Disclosure", + Description: "This category identifies Software Fault Patterns (SFPs) within the State Disclosure cluster.", + Lang: "en", + }, + "968": { + CweID: "968", + Name: "SFP Secondary Cluster: Covert Channel", + Description: "This category identifies Software Fault Patterns (SFPs) within the Covert Channel cluster.", + Lang: "en", + }, + "969": { + CweID: "969", + Name: "SFP Secondary Cluster: Faulty Memory Release", + Description: "This category identifies Software Fault Patterns (SFPs) within the Faulty Memory Release cluster (SFP12).", + Lang: "en", + }, + "970": { + CweID: "970", + Name: "SFP Secondary Cluster: Faulty Buffer Access", + Description: "This category identifies Software Fault Patterns (SFPs) within the Faulty Buffer Access cluster (SFP8).", + Lang: "en", + }, + "971": { + CweID: "971", + Name: "SFP Secondary Cluster: Faulty Pointer Use", + Description: "This category identifies Software Fault Patterns (SFPs) within the Faulty Pointer Use cluster (SFP7).", + Lang: "en", + }, + "972": { + CweID: "972", + Name: "SFP Secondary Cluster: Faulty String Expansion", + Description: "This category identifies Software Fault Patterns (SFPs) within the Faulty String Expansion cluster (SFP9).", + Lang: "en", + }, + "973": { + CweID: "973", + Name: "SFP Secondary Cluster: Improper NULL Termination", + Description: "This category identifies Software Fault Patterns (SFPs) within the Improper NULL Termination cluster (SFP11).", + Lang: "en", + }, + "974": { + CweID: "974", + Name: "SFP Secondary Cluster: Incorrect Buffer Length Computation", + Description: "This category identifies Software Fault Patterns (SFPs) within the 
Incorrect Buffer Length Computation cluster (SFP10).", + Lang: "en", + }, + "975": { + CweID: "975", + Name: "SFP Secondary Cluster: Architecture", + Description: "This category identifies Software Fault Patterns (SFPs) within the Architecture cluster.", + Lang: "en", + }, + "976": { + CweID: "976", + Name: "SFP Secondary Cluster: Compiler", + Description: "This category identifies Software Fault Patterns (SFPs) within the Compiler cluster.", + Lang: "en", + }, + "977": { + CweID: "977", + Name: "SFP Secondary Cluster: Design", + Description: "This category identifies Software Fault Patterns (SFPs) within the Design cluster.", + Lang: "en", + }, + "978": { + CweID: "978", + Name: "SFP Secondary Cluster: Implementation", + Description: "This category identifies Software Fault Patterns (SFPs) within the Implementation cluster.", + Lang: "en", + }, + "979": { + CweID: "979", + Name: "SFP Secondary Cluster: Failed Chroot Jail", + Description: "This category identifies Software Fault Patterns (SFPs) within the Failed Chroot Jail cluster (SFP17).", + Lang: "en", + }, + "980": { + CweID: "980", + Name: "SFP Secondary Cluster: Link in Resource Name Resolution", + Description: "This category identifies Software Fault Patterns (SFPs) within the Link in Resource Name Resolution cluster (SFP18).", + Lang: "en", + }, + "981": { + CweID: "981", + Name: "SFP Secondary Cluster: Path Traversal", + Description: "This category identifies Software Fault Patterns (SFPs) within the Path Traversal cluster (SFP16).", + Lang: "en", + }, + "982": { + CweID: "982", + Name: "SFP Secondary Cluster: Failure to Release Resource", + Description: "This category identifies Software Fault Patterns (SFPs) within the Failure to Release Resource cluster (SFP14).", + Lang: "en", + }, + "983": { + CweID: "983", + Name: "SFP Secondary Cluster: Faulty Resource Use", + Description: "This category identifies Software Fault Patterns (SFPs) within the Faulty Resource Use cluster (SFP15).", + Lang: "en", + }, + 
"984": { + CweID: "984", + Name: "SFP Secondary Cluster: Life Cycle", + Description: "This category identifies Software Fault Patterns (SFPs) within the Life Cycle cluster.", + Lang: "en", + }, + "985": { + CweID: "985", + Name: "SFP Secondary Cluster: Unrestricted Consumption", + Description: "This category identifies Software Fault Patterns (SFPs) within the Unrestricted Consumption cluster (SFP13).", + Lang: "en", + }, + "986": { + CweID: "986", + Name: "SFP Secondary Cluster: Missing Lock", + Description: "This category identifies Software Fault Patterns (SFPs) within the Missing Lock cluster (SFP19).", + Lang: "en", + }, + "987": { + CweID: "987", + Name: "SFP Secondary Cluster: Multiple Locks/Unlocks", + Description: "This category identifies Software Fault Patterns (SFPs) within the Multiple Locks/Unlocks cluster (SFP21).", + Lang: "en", + }, + "988": { + CweID: "988", + Name: "SFP Secondary Cluster: Race Condition Window", + Description: "This category identifies Software Fault Patterns (SFPs) within the Race Condition Window cluster (SFP20).", + Lang: "en", + }, + "989": { + CweID: "989", + Name: "SFP Secondary Cluster: Unrestricted Lock", + Description: "This category identifies Software Fault Patterns (SFPs) within the Unrestricted Lock cluster (SFP22).", + Lang: "en", + }, + "990": { + CweID: "990", + Name: "SFP Secondary Cluster: Tainted Input to Command", + Description: "This category identifies Software Fault Patterns (SFPs) within the Tainted Input to Command cluster (SFP24).", + Lang: "en", + }, + "991": { + CweID: "991", + Name: "SFP Secondary Cluster: Tainted Input to Environment", + Description: "This category identifies Software Fault Patterns (SFPs) within the Tainted Input to Environment cluster (SFP27).", + Lang: "en", + }, + "992": { + CweID: "992", + Name: "SFP Secondary Cluster: Faulty Input Transformation", + Description: "This category identifies Software Fault Patterns (SFPs) within the Faulty Input Transformation cluster.", + Lang: 
"en", + }, + "993": { + CweID: "993", + Name: "SFP Secondary Cluster: Incorrect Input Handling", + Description: "This category identifies Software Fault Patterns (SFPs) within the Incorrect Input Handling cluster.", + Lang: "en", + }, + "994": { + CweID: "994", + Name: "SFP Secondary Cluster: Tainted Input to Variable", + Description: "This category identifies Software Fault Patterns (SFPs) within the Tainted Input to Variable cluster (SFP25).", + Lang: "en", + }, + "995": { + CweID: "995", + Name: "SFP Secondary Cluster: Feature", + Description: "This category identifies Software Fault Patterns (SFPs) within the Feature cluster.", + Lang: "en", + }, + "996": { + CweID: "996", + Name: "SFP Secondary Cluster: Security", + Description: "This category identifies Software Fault Patterns (SFPs) within the Security cluster.", + Lang: "en", + }, + "997": { + CweID: "997", + Name: "SFP Secondary Cluster: Information Loss", + Description: "This category identifies Software Fault Patterns (SFPs) within the Information Loss cluster.", + Lang: "en", + }, + "998": { + CweID: "998", + Name: "SFP Secondary Cluster: Glitch in Computation", + Description: "This category identifies Software Fault Patterns (SFPs) within the Glitch in Computation cluster (SFP1).", + Lang: "en", + }, + "1000": { + CweID: "1000", + Name: "Research Concepts", + Description: "This view is intended to facilitate research into weaknesses, including their inter-dependencies, and can be leveraged to systematically identify theoretical gaps within CWE. It is mainly organized according to abstractions of behaviors instead of how they can be detected, where they appear in code, or when they are introduced in the development life cycle. 
By design, this view is expected to include every weakness within CWE.", + Lang: "en", + }, + "1003": { + CweID: "1003", + Name: "Weaknesses for Simplified Mapping of Published Vulnerabilities", + Description: "CWE entries in this view (graph) may be used to categorize potential weaknesses within sources that handle public, third-party vulnerability information, such as the National Vulnerability Database (NVD). By design, this view is incomplete; it is limited to a small number of the most commonly-seen weaknesses, so that it is easier for humans to use. This view uses a shallow hierarchy of two levels in order to simplify the complex, category-oriented navigation of the entire CWE corpus.", + Lang: "en", + }, + "1008": { + CweID: "1008", + Name: "Architectural Concepts", + Description: "This view organizes weaknesses according to common architectural security tactics. It is intended to assist architects in identifying potential mistakes that can be made when designing software.", + Lang: "en", + }, + "1026": { + CweID: "1026", + Name: "Weaknesses in OWASP Top Ten (2017)", + Description: "CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2017.", + Lang: "en", + }, + "1040": { + CweID: "1040", + Name: "Quality Weaknesses with Indirect Security Impacts", + Description: "CWE identifiers in this view (slice) are quality issues that only indirectly make it easier to introduce a vulnerability and/or make the vulnerability more difficult to detect or mitigate.", + Lang: "en", + }, + "1081": { + CweID: "1081", + Name: "Entries with Maintenance Notes", + Description: "CWE entries in this view have maintenance notes. Maintenance notes are an indicator that an entry might change significantly in future versions. 
This view was created due to feedback from the CWE Board and participants in the CWE Compatibility Summit in March 2021.", + Lang: "en", + }, + "1128": { + CweID: "1128", + Name: "CISQ Quality Measures (2016)", + Description: "This view outlines the most important software quality issues as identified by the Consortium for Information & Software Quality (CISQ) Automated Quality Characteristic Measures, released in 2016. These measures are derived from Object Management Group (OMG) standards.", + Lang: "en", + }, + "1133": { + CweID: "1133", + Name: "Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java", + Description: "CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects that current rules and recommendations of the SEI CERT Oracle Coding Standard for Java.", + Lang: "en", + }, + "1154": { + CweID: "1154", + Name: "Weaknesses Addressed by the SEI CERT C Coding Standard", + Description: "CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects that current rules and recommendations of the SEI CERT C Coding Standard.", + Lang: "en", + }, + "1178": { + CweID: "1178", + Name: "Weaknesses Addressed by the SEI CERT Perl Coding Standard", + Description: "CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects that current rules and recommendations of the SEI CERT Perl Coding Standard.", + Lang: "en", + }, + "1194": { + CweID: "1194", + Name: "Hardware Design", + Description: "This view organizes weaknesses around concepts that are frequently used or encountered in hardware design. Accordingly, this view can align closely with the perspectives of designers, manufacturers, educators, and assessment vendors. 
It provides a variety of categories that are intended to simplify navigation, browsing, and mapping.", + Lang: "en", + }, + "1200": { + CweID: "1200", + Name: "Weaknesses in the 2019 CWE Top 25 Most Dangerous Software Errors", + Description: "CWE entries in this view are listed in the 2019 CWE Top 25 Most Dangerous Software Errors.", + Lang: "en", + }, + "1305": { + CweID: "1305", + Name: "CISQ Quality Measures (2020)", + Description: "This view outlines the most important software quality issues as identified by the Consortium for Information & Software Quality (CISQ) Automated Quality Characteristic Measures, released in 2020. These measures are derived from Object Management Group (OMG) standards.", + Lang: "en", + }, + "1337": { + CweID: "1337", + Name: "Weaknesses in the 2021 CWE Top 25 Most Dangerous Software Weaknesses", + Description: "CWE entries in this view are listed in the 2021 CWE Top 25 Most Dangerous Software Weaknesses.", + Lang: "en", + }, + "1340": { + CweID: "1340", + Name: "CISQ Data Protection Measures", + Description: "This view outlines the SMM representation of the Automated Source Code Data Protection Measurement specifications, as identified by the Consortium for Information & Software Quality (CISQ) Working Group.", + Lang: "en", + }, + "1343": { + CweID: "1343", + Name: "Weaknesses in the 2021 CWE Most Important Hardware Weaknesses List", + Description: "CWE entries in this view are listed in the 2021 CWE Most Important Hardware Weaknesses List, as determined by the Hardware CWE Special Interest Group (HW CWE SIG).", + Lang: "en", + }, + "1344": { + CweID: "1344", + Name: "Weaknesses in OWASP Top Ten (2021)", + Description: "CWE entries in this view (graph) are associated with the OWASP Top Ten, as released in 2021.", + Lang: "en", + }, + "1350": { + CweID: "1350", + Name: "Weaknesses in the 2020 CWE Top 25 Most Dangerous Software Weaknesses", + Description: "CWE entries in this view are listed in the 2020 CWE Top 25 Most Dangerous 
Software Weaknesses.", + Lang: "en", + }, + "1358": { + CweID: "1358", + Name: "Weaknesses in SEI ETF Categories of Security Vulnerabilities in ICS", + Description: "CWE entries in this view (graph) are associated with the Categories of Security Vulnerabilities in ICS, as published by the Securing Energy Infrastructure Executive Task Force (SEI ETF) in March 2022. Weaknesses and categories in this view are focused on issues that affect ICS (Industrial Control Systems) but have not been traditionally covered by CWE in the past due to its earlier emphasis on enterprise IT software. Note: weaknesses in this view are based on \"Nearest IT Neighbor\" recommendations and other suggestions by the CWE team. These relationships are likely to change in future CWE versions.", + Lang: "en", + }, + "1387": { + CweID: "1387", + Name: "Weaknesses in the 2022 CWE Top 25 Most Dangerous Software Weaknesses", + Description: "CWE entries in this view are listed in the 2022 CWE Top 25 Most Dangerous Software Weaknesses.", + Lang: "en", + }, + "2000": { + CweID: "2000", + Name: "Comprehensive CWE Dictionary", + Description: "This view (slice) covers all the elements in CWE.", + Lang: "en", + }, + "604": { + CweID: "604", + Name: "Deprecated Entries", + Description: "CWE nodes in this view (slice) have been deprecated. There should be a reference pointing to the replacement in each deprecated weakness.", + Lang: "en", + }, + "629": { + CweID: "629", + Name: "Weaknesses in OWASP Top Ten (2007)", + Description: "CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2007. This view is considered obsolete as a newer version of the OWASP Top Ten is available.", + Lang: "en", + }, + "630": { + CweID: "630", + Name: "DEPRECATED: Weaknesses Examined by SAMATE", + Description: "This view has been deprecated. 
It was only used for an early year of the NIST SAMATE project, and it did not represent any official or commonly-utilized list.", + Lang: "en", + }, + "631": { + CweID: "631", + Name: "DEPRECATED: Resource-specific Weaknesses", + Description: "This view has been deprecated because it is not actively maintained and does not provide utility to stakeholders. It was originally created before CWE 1.0 as a simple example of how views could be structured within CWE.", + Lang: "en", + }, + "635": { + CweID: "635", + Name: "Weaknesses Originally Used by NVD from 2008 to 2016", + Description: "CWE nodes in this view (slice) were used by NIST to categorize vulnerabilities within NVD, from 2008 to 2016. This original version has been used by many other projects.", + Lang: "en", + }, + "658": { + CweID: "658", + Name: "Weaknesses in Software Written in C", + Description: "This view (slice) covers issues that are found in C programs that are not common to all languages.", + Lang: "en", + }, + "659": { + CweID: "659", + Name: "Weaknesses in Software Written in C++", + Description: "This view (slice) covers issues that are found in C++ programs that are not common to all languages.", + Lang: "en", + }, + "660": { + CweID: "660", + Name: "Weaknesses in Software Written in Java", + Description: "This view (slice) covers issues that are found in Java programs that are not common to all languages.", + Lang: "en", + }, + "661": { + CweID: "661", + Name: "Weaknesses in Software Written in PHP", + Description: "This view (slice) covers issues that are found in PHP programs that are not common to all languages.", + Lang: "en", + }, + "677": { + CweID: "677", + Name: "Weakness Base Elements", + Description: "This view (slice) displays only weakness base elements.", + Lang: "en", + }, + "678": { + CweID: "678", + Name: "Composites", + Description: "This view displays only composite weaknesses.", + Lang: "en", + }, + "679": { + CweID: "679", + Name: "DEPRECATED: Chain Elements", + 
Description: "This view has been deprecated. It has limited utility for stakeholders, since all weaknesses can be links in a chain.", + Lang: "en", + }, + "699": { + CweID: "699", + Name: "Software Development", + Description: "This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development lifecycle including both architecture and implementation. Accordingly, this view can align closely with the perspectives of architects, developers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping.", + Lang: "en", + }, + "700": { + CweID: "700", + Name: "Seven Pernicious Kingdoms", + Description: "This view (graph) organizes weaknesses using a hierarchical structure that is similar to that used by Seven Pernicious Kingdoms.", + Lang: "en", + }, + "701": { + CweID: "701", + Name: "Weaknesses Introduced During Design", + Description: "This view (slice) lists weaknesses that can be introduced during design.", + Lang: "en", + }, + "702": { + CweID: "702", + Name: "Weaknesses Introduced During Implementation", + Description: "This view (slice) lists weaknesses that can be introduced during implementation.", + Lang: "en", + }, + "709": { + CweID: "709", + Name: "Named Chains", + Description: "This view displays Named Chains and their components.", + Lang: "en", + }, + "711": { + CweID: "711", + Name: "Weaknesses in OWASP Top Ten (2004)", + Description: "CWE entries in this view (graph) are associated with the OWASP Top Ten, as released in 2004, and as required for compliance with PCI DSS version 1.1. 
This view is considered obsolete as a newer version of the OWASP Top Ten is available.", + Lang: "en", + }, + "734": { + CweID: "734", + Name: "Weaknesses Addressed by the CERT C Secure Coding Standard (2008)", + Description: "CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book \"The CERT C Secure Coding Standard\" published in 2008. This view is considered obsolete, as a newer version of the coding standard is available. This view statically represents the coding rules as they were in 2008.", + Lang: "en", + }, + "750": { + CweID: "750", + Name: "Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors", + Description: "CWE entries in this view (graph) are listed in the 2009 CWE/SANS Top 25 Programming Errors. This view is considered obsolete as a newer version of the Top 25 is available.", + Lang: "en", + }, + "800": { + CweID: "800", + Name: "Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors", + Description: "CWE entries in this view (graph) are listed in the 2010 CWE/SANS Top 25 Programming Errors. This view is considered obsolete as a newer version of the Top 25 is available.", + Lang: "en", + }, + "809": { + CweID: "809", + Name: "Weaknesses in OWASP Top Ten (2010)", + Description: "CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2010. This view is considered obsolete as a newer version of the OWASP Top Ten is available.", + Lang: "en", + }, + "844": { + CweID: "844", + Name: "Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)", + Description: "CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book \"The CERT Oracle Secure Coding Standard for Java\" published in 2011. 
This view is considered obsolete as a newer version of the coding standard is available.", + Lang: "en", + }, + "868": { + CweID: "868", + Name: "Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)", + Description: "CWE entries in this view (graph) are fully or partially eliminated by following the SEI CERT C++ Coding Standard, as published in 2016. This view is no longer being actively maintained, since it statically represents the coding rules as they were in 2016.", + Lang: "en", + }, + "884": { + CweID: "884", + Name: "CWE Cross-section", + Description: "This view contains a selection of weaknesses that represent the variety of weaknesses that are captured in CWE, at a level of abstraction that is likely to be useful to most audiences. It can be used by researchers to determine how broad their theories, models, or tools are. It will also be used by the CWE content team in 2012 to focus quality improvement efforts for individual CWE entries.", + Lang: "en", + }, + "888": { + CweID: "888", + Name: "Software Fault Pattern (SFP) Clusters", + Description: "CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).", + Lang: "en", + }, + "900": { + CweID: "900", + Name: "Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors", + Description: "CWE entries in this view (graph) are listed in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors.", + Lang: "en", + }, + "919": { + CweID: "919", + Name: "Weaknesses in Mobile Applications", + Description: "CWE entries in this view (slice) are often seen in mobile applications.", + Lang: "en", + }, + "928": { + CweID: "928", + Name: "Weaknesses in OWASP Top Ten (2013)", + Description: "CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2013. 
This view is considered obsolete as a newer version of the OWASP Top Ten is available.", + Lang: "en", + }, + "999": { + CweID: "999", + Name: "DEPRECATED: Weaknesses without Software Fault Patterns", + Description: "This view has been deprecated. It was based on gaps in another view (CWE-888) related to research that is no longer updated, but was complete with respect to CWE at the time it was conducted.", + Lang: "en", + }, }