Clusters of Software Fault Patterns (SFPs) are linked to CWE identifiers in this perspective. Explore the hierarchical relationships between weaknesses at different levels of abstraction.
The graph provided illustrates the hierarchical relationships between weaknesses at different levels of abstraction. At the highest level are categories and pillars, which serve as groupings for the weaknesses beneath them. Categories are not weaknesses themselves; they are special entries that group weaknesses sharing a common characteristic. Pillars, by contrast, are genuine weaknesses described in the most abstract terms.

Beneath these top-level entries sit weaknesses at progressively narrower levels of abstraction. Classes remain highly abstract and are generally independent of any specific language or technology. Base-level weaknesses describe a more specific type of weakness. Variants give a detailed description that is usually limited to a particular language or technology.

Two further structures relate weaknesses to one another. A chain is a series of weaknesses that must be reachable in sequence for a vulnerability to be exploitable. A composite is a set of weaknesses that must all be present at the same time for a vulnerability to be exploitable.