CWE-629: Mapping CWE to OWASP Top Ten (2007)

Explore the hierarchical relationships between Common Weakness Enumerations (CWE) and the outdated OWASP Top Ten (2007 version) in this graph. Dive into various levels of abstraction and understand the classifications of weaknesses.

Objective

The nodes in this graph represent the Common Weakness Enumeration (CWE) entries that are linked to the OWASP Top Ten published in 2007. This view is now outdated, as a more recent edition of the OWASP Top Ten is available.

Relationships

The graph illustrates the hierarchical connections between weaknesses at different levels of abstraction. At the highest level are categories and pillars, which serve as groupings for weaknesses. Categories are not weaknesses themselves; they group weaknesses that share a common characteristic. Pillars are weaknesses described in a highly abstract manner.

Below these top-level entries are weaknesses at different levels of abstraction. Classes are still highly abstract and generally not specific to any particular language or technology. Base-level weaknesses present a more specific type of weakness. Variants are weaknesses described with a high level of specificity, often limited to a specific language or technology.

A chain is a sequence of weaknesses that must be reachable consecutively in order to result in an exploitable vulnerability. A composite, by contrast, is a combination of weaknesses that must all be present simultaneously to create an exploitable vulnerability.
