CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities
New to CWE? click here!
CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > CWE List > CWE- Individual Dictionary Definition (4.16)  
ID

CWE CATEGORY: CISQ Quality Measures (2016) - Performance Efficiency

Category ID: 1132
Vulnerability Mapping: PROHIBITED This CWE ID must not be used to map to real-world vulnerabilities
+ Summary
Weaknesses in this category are related to the CISQ Quality Measures for Performance Efficiency, as documented in 2016 with the Automated Source Code Performance Efficiency Measure (ASCPEM) Specification 1.0. Presence of these weaknesses could reduce the performance efficiency of the software.
+ Membership
Nature Type ID Name
MemberOf ViewView - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries). 1128 CISQ Quality Measures (2016)
HasMember VariantVariant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. 1042 Static Member Data Element outside of a Singleton Class Element
HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 1043 Data Element Aggregating an Excessively Large Number of Non-Primitive Elements
HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 1046 Creation of Immutable Text Using String Concatenation
HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 1049 Excessive Data Query Operations in a Large Data Table
HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 1050 Excessive Platform Resource Consumption within a Loop
HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 1057 Data Access Operations Outside of Expected Data Manager Component
HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 1060 Excessive Number of Inefficient Server-Side Data Accesses
HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 1063 Creation of Class Instance within a Static Code Block
HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 1067 Excessive Execution of Sequential Searches of Data Resource
HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 1072 Data Resource Access without Use of Connection Pooling
HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 1073 Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses
HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 1089 Large Data Table with Excessive Number of Indices
HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 1091 Use of Object without Invoking Destructor Method
HasMember BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. 1094 Excessive Index Range Scan for a Data Resource
+ Vulnerability Mapping Notes

Usage: PROHIBITED

(this CWE ID must not be used to map to real-world vulnerabilities)

Reason: Category

Rationale:

This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.

Comments:

See member weaknesses of this category.
+ References
[REF-959] Object Management Group (OMG). "Automated Source Code Performance Efficiency Measure (ASCPEM)". 2016-01. <https://www.omg.org/spec/ASCPEM/>. URL validated: 2023-04-07.
[REF-968] Consortium for Information & Software Quality (CISQ). "Automated Quality Characteristic Measures". 2016. <http://it-cisq.org/standards/automated-quality-characteristic-measures/>.
+ Content History
+ Submissions
Submission Date Submitter Organization
2018-07-23
(CWE 3.2, 2019-01-03) 		CWE Content Team MITRE
Constructed using Common Quality Enumeration (CQE) draft 0.9, constructed using view 9001.
+ Modifications
Modification Date Modifier Organization
2020-06-25 CWE Content Team MITRE
updated References
2021-03-15 CWE Content Team MITRE
updated Description, Name
2023-04-27 CWE Content Team MITRE
updated Mapping_Notes, References
2023-06-29 CWE Content Team MITRE
updated Mapping_Notes
+ Previous Entry Names
Change Date Previous Entry Name
2021-03-15 CISQ Quality Measures - Performance
Page Last Updated: November 19, 2024
 

Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2024, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.