CWE Usage Scenarios
| Scenario | Description | Modes | Considerations |
|---|---|---|---|
| Mapping | The user has a specific weakness/attack/vulnerability in mind and needs to find the CWE identifier for it. | Browse, Search | Abstraction differences may be a factor during mapping. Need to match expectations of the mapper and support alternate terminology. |
| Compare | The user needs to compare multiple tools or repositories in terms of their coverage and focus. Or, the user wants to compare multiple applications in terms of their "weakness density." | Lookup, Inspect, Search | |
| Learn More | The user needs to learn more about a specific issue. | Lookup, Inspect, Search, Browse | |
| Find Gaps | The user wants to learn about new CWEs that might not be covered (by the user's knowledge, a tool, etc.) | Browse, Search | |
| Find Related | The user is working from a specific CWE and wants to learn about related CWEs. | Browse, Search | |
| Prioritize | The user needs to find the highest-priority entries, for some definition of "priority". | Search, Lookup, Inspect | |
| Announce a Vulnerability | The user wants to publicly announce a vulnerability and use a CWE ID in the announcement. | Browse, Search | Abstraction differences may be a factor during mapping. Need to match expectations of the user and support alternate terminology. |
Document version: 0.1 Date: September 12, 2007
This is a draft document. It is intended to support maintenance of CWE, and to educate and solicit feedback from a specific technical audience. This document does not reflect any official position of the MITRE Corporation or its sponsors. Copyright © 2007, The MITRE Corporation. All rights reserved. Permission is granted to redistribute this document if this paragraph is not removed. This document is subject to change without notice.