Explore how CWE-1008 (Architectural Concepts) helps software architects recognize possible mistakes in their design process, organized around widely used security strategies.
The purpose of this view is to organize weaknesses (not individual vulnerabilities, which are instances of weaknesses in a specific product) according to widely used security strategies in software architecture. It aims to help architects recognize mistakes that can be made when designing software.
The diagram presented illustrates the hierarchical relationships between weaknesses at different levels of abstraction. At the top sit categories and pillars: a category is a special kind of CWE entry that groups weaknesses sharing a common characteristic, while a pillar is the most abstract form of weakness, describing a whole class of behaviour without reference to any technology. Below these top-level entries lie weaknesses at progressively finer levels of abstraction. A class is still described in a very abstract way and is usually independent of any particular language or technology. A base is more specific than a class, yet still independent of a particular resource or technology, with enough detail to imply concrete methods of detection and prevention. A variant is the most specific level, providing the highest level of detail, and is typically limited to a specific language, technology or resource. Two further structures combine weaknesses: a chain is a sequence of two or more weaknesses in which one weakness directly creates the conditions needed for the next, so the sequence must be reachable in order for a vulnerability to be exploitable, and a composite is a set of two or more weaknesses that must all be present at the same time for a vulnerability to exist.
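To make the hierarchy concrete, here is an added Python example that is not part of this page or of MITRE's own CWE tooling. It loads a constructed, abbreviated catalog fragment written in the shape of the CWE XML catalog (namespace http://cwe.mitre.org/cwe-7; the identifiers are real CWE IDs, but the fragment is illustrative and not a faithful excerpt), walks an entry up to the root of view 1008 reporting the abstraction level at each step, checks which weaknesses a composite still lacks before it becomes exploitable, and follows a chain's CanPrecede links through a set of findings. The `Catalog` class and its method names are my own, not part of any CWE API.

```python
"""Walk a CWE-style catalog: abstraction levels, view hierarchy, chains and composites."""
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"cwe": "http://cwe.mitre.org/cwe-7"}

# Constructed, abbreviated fragment in the shape of the CWE XML catalog (not a real excerpt).
SAMPLE_XML = """<Weakness_Catalog xmlns="http://cwe.mitre.org/cwe-7">
 <Weaknesses>
  <Weakness ID="119" Name="Improper Restriction of Operations within a Memory Buffer" Abstraction="Class" Structure="Simple"/>
  <Weakness ID="190" Name="Integer Overflow or Wraparound" Abstraction="Base" Structure="Simple">
   <Related_Weaknesses><Related_Weakness Nature="CanPrecede" CWE_ID="119" View_ID="1000"/></Related_Weaknesses>
  </Weakness>
  <Weakness ID="680" Name="Integer Overflow to Buffer Overflow" Abstraction="Compound" Structure="Chain">
   <Related_Weaknesses><Related_Weakness Nature="StartsWith" CWE_ID="190" View_ID="1000"/></Related_Weaknesses>
  </Weakness>
  <Weakness ID="352" Name="Cross-Site Request Forgery (CSRF)" Abstraction="Compound" Structure="Composite">
   <Related_Weaknesses>
    <Related_Weakness Nature="Requires" CWE_ID="346" View_ID="1000"/>
    <Related_Weakness Nature="Requires" CWE_ID="441" View_ID="1000"/>
    <Related_Weakness Nature="Requires" CWE_ID="642" View_ID="1000"/>
    <Related_Weakness Nature="Requires" CWE_ID="613" View_ID="1000"/>
   </Related_Weaknesses>
  </Weakness>
  <Weakness ID="778" Name="Insufficient Logging" Abstraction="Base" Structure="Simple"/>
 </Weaknesses>
 <Categories>
  <Category ID="1009" Name="Audit">
   <Relationships><Has_Member CWE_ID="778" View_ID="1008"/></Relationships>
  </Category>
 </Categories>
 <Views>
  <View ID="1008" Name="Architectural Concepts" Type="Graph">
   <Members><Has_Member CWE_ID="1009" View_ID="1008"/></Members>
  </View>
 </Views>
</Weakness_Catalog>"""


class Catalog:
    """In-memory index of a CWE-style catalog (hypothetical helper, not a CWE API)."""

    def __init__(self, xml_text):
        root = ET.fromstring(xml_text)
        self.entries = {}                     # id -> (kind, name, abstraction, structure)
        self.parent = defaultdict(dict)       # view id -> child id -> parent id in that view
        self.requires = defaultdict(list)     # composite id -> weaknesses it requires
        self.starts_with = {}                 # chain id -> first weakness of the chain
        self.can_precede = defaultdict(list)  # weakness id -> weaknesses it can lead to
        for w in root.iterfind("cwe:Weaknesses/cwe:Weakness", NS):
            wid = w.get("ID")
            self.entries[wid] = ("Weakness", w.get("Name"), w.get("Abstraction"), w.get("Structure"))
            for rel in w.iterfind("cwe:Related_Weaknesses/cwe:Related_Weakness", NS):
                nature, target, view = rel.get("Nature"), rel.get("CWE_ID"), rel.get("View_ID")
                if nature == "ChildOf":
                    self.parent[view][wid] = target
                elif nature == "Requires":
                    self.requires[wid].append(target)
                elif nature == "StartsWith":
                    self.starts_with[wid] = target
                elif nature == "CanPrecede":
                    self.can_precede[wid].append(target)
        for c in root.iterfind("cwe:Categories/cwe:Category", NS):
            cid = c.get("ID")
            self.entries[cid] = ("Category", c.get("Name"), "Category", None)
            for m in c.iterfind("cwe:Relationships/cwe:Has_Member", NS):
                self.parent[m.get("View_ID")][m.get("CWE_ID")] = cid
        for v in root.iterfind("cwe:Views/cwe:View", NS):
            vid = v.get("ID")
            self.entries[vid] = ("View", v.get("Name"), "View", None)
            for m in v.iterfind("cwe:Members/cwe:Has_Member", NS):
                self.parent[m.get("View_ID")][m.get("CWE_ID")] = vid

    def lineage(self, cwe_id, view):
        """Path from an entry up to the view root, as (id, abstraction level) pairs."""
        path, cur = [], cwe_id
        while cur is not None:
            path.append((cur, self.entries[cur][2]))
            cur = self.parent[view].get(cur)
        return path

    def composite_missing(self, composite_id, present):
        """Required weaknesses not yet present; empty means the composite is fully realised."""
        return [w for w in self.requires[composite_id] if w not in present]

    def chain_path(self, chain_id, present):
        """Follow CanPrecede links from the chain's start through the weaknesses present."""
        start = self.starts_with[chain_id]
        if start not in present:
            return []
        path = [start]
        while True:
            nxt = [w for w in self.can_precede[path[-1]] if w in present and w not in path]
            if not nxt:
                return path
            path.append(nxt[0])


if __name__ == "__main__":
    cat = Catalog(SAMPLE_XML)
    print(cat.lineage("778", "1008"))                       # Base -> Category -> View
    print(cat.composite_missing("352", {"346", "441", "642"}))
    print(cat.chain_path("680", {"190", "119"}))
```

The `lineage` walk is the useful part for an architect: starting from a finding mapped to a base-level weakness, it shows which architectural-security category in view 1008 the finding rolls up to, which is how a set of code-level findings can be reported against the design strategy they undermine.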