CWE Usage Scenarios
| Scenario | Description | Modes | Considerations |
| --- | --- | --- | --- |
| Mapping | The user has a specific weakness/attack/vulnerability in mind and needs to find the CWE identifier for it. | Browse, Search | Abstraction differences may be a factor during mapping. Need to match expectations of the mapper and support alternate terminology. |
| Compare | The user needs to compare multiple tools or repositories in terms of their coverage and focus. Or, the user wants to compare multiple applications in terms of their "weakness density." | Lookup, Inspect, Search | |
| Learn More | The user needs to learn more about a specific issue. | Lookup, Inspect, Search, Browse | |
| Find Gaps | The user wants to learn about new CWEs that might not be covered (by the user's knowledge, a tool, etc.) | Browse, Search | |
| Find Related | The user is working from a specific CWE and wants to learn about related CWEs. | Browse, Search | |
| Prioritize | The user needs to find the highest-priority entries, for some definition of "priority". | Search, Lookup, Inspect | |
| Announce a Vulnerability | The user wants to publicly announce a vulnerability and use a CWE ID in the announcement. | Browse, Search | Abstraction differences may be a factor during mapping. Need to match expectations of the user and support alternate terminology. |

Document version: 0.1 Date: September 12, 2007
This is a draft document. It is intended to support maintenance of CWE, and to educate and solicit feedback from a specific technical audience. This document does not reflect any official position of the MITRE Corporation or its sponsors. Copyright © 2007, The MITRE Corporation. All rights reserved. Permission is granted to redistribute this document if this paragraph is not removed. This document is subject to change without notice.