Common Weakness Enumeration

CWE Glossary Definition

CWE Mapping & Navigation Guidance

Besides manual search of the raw CWE XML files in the latest version, there are several resources for mapping to CWE IDs.

• custom "mapping-friendly" presentations
• in-site search for individual pages
• trees in PDF documents
• external databases or products that support CWE search

To determine whether you have found the best matching CWE ID for a particular weakness, consider the following:

• The entry should be a Weakness or Composite/Chain type. Mapping to a View is incorrect, and mapping to a Category is strongly discouraged, because categories are not centered around CWE's behavioral model of weaknesses.
• The entry should be at the lowest level of abstraction possible, while matching (or subsuming) the weakness concept that you have in mind. Be aware that CWE cannot support all possible perspectives and ways of classifying weaknesses, so sometimes there will not be a suitable match, except at a very high level; see the "Mapping Analysis" document for a discussion of the issues.

CWE supports multiple views, which are different ways of organizing CWE entries. Two of the most useful views are Research Concepts (CWE-1000) and Development Concepts (CWE-699). For more background, see "The Evolution of the CWE Development and Research Views" and "A Comparison of the CWE Development and Research Views".

To conduct mapping, select either the research or developer view and go to the main page for that view. You can do one of the following:

Hierarchical Display

• CWE-1000 Graph tab
• CWE-699 Graph tab

If the view is hierarchical, select the "Graph" tab. (Both the Research Concepts and Developer Concepts views are hierarchical.) The names and IDs are presented in an indented list. To list additional details to help with the mapping task, click on the "Mapping-Friendly" checkbox in the upper right of the page. This will also display the summary, alternate terms, and the IDs for the parents (and ancestors) of an entry.

Initially, only the roots of the hierarchy are displayed. You can expand the entire hierarchy using the "expand all" link. To expand or contract a sub-tree, click the icon to the left of the icon for the entry's type, which shows a "-" to collapse, and a "+" to expand.

If you hover the mouse over the ancestors section, this will list the full names of each ancestor entry. This capability is especially convenient when you are several levels deep in the tree. (The full names are not displayed by default, since in-browser text searches would otherwise match too many extraneous entries.) Click on the ancestor section to toggle it open after your mouse leaves.

Click on an ID to display the full entry in a separate page.

Be aware that many entries have multiple parents, so they may be listed two or more times within the hierarchical display.

Slice Display

• CWE-1000 Slice tab
• CWE-699 Slice tab

A slice presents a flat listing of all entries in the view. By default, all fields for each entry are listed.

To concentrate on the most relevant subset of fields for each entry, use the "Presentation Filter" in the upper right of the page. Select either the "Mapping-Friendly" or "Basic Summary" presentation. (If you display all fields, then a text search is likely to find many irrelevant matches.)

You can then examine the ParentOf and ChildOf relationships in each individual entry to find other related entries. The PeerOf and CanAlsoBe relationships, when available, can also be helpful.

List Display

• CWE-1000 List tab
• CWE-699 List tab

The simple list (List) tab can be quick, since it only includes IDs and names. However, you need to be familiar with CWE's terminology.

PDFs with Graphical Depictions of CWE

Each hierarchical view is graphically presented in a PDF file. You can perform a text search of the CWE names within the document. This approach is somewhat limited, since only the "primary" parent is graphed, and the page can be large.

In-site Search

The in-site search form will find all matching pages on the CWE web site; all web pages are indexed. To limit your search to only individual CWE entry pages, include "inurl:definitions" in your search string.

You can then examine the ParentOf and ChildOf relationships in each individual entry to find other related entries. The PeerOf and CanAlsoBe relationships, when available, can also be helpful.

1. Background: see the glossary and become familiar with CWE's terminology.
2. Perform a text search or navigate to an entry that gets close to the weakness you are thinking of.
3. Examine the entry's parents (to find more general entries) or look at the entry's children (to find more specific entries). In some cases, it may be useful to examine the entry's siblings; this can be done by looking at the children of its parents.

4. Warning: do not rely solely on the name of the entry to determine whether you have found the right match. While CWE tries to be self-consistent in its own terminology, there is so much variety in the industry that sometimes the same term has different definitions, and some issues do not have any well-established terms at all.

   When you are considering whether a particular entry is a good match, review:

   • the summary and extended descriptions
   • terminology notes and alternate terms
   • demonstrative or observed examples
   • taxonomy mappings

5. If you are not having luck finding a good match, then some options are:

   • Consider switching to another view; the Research Concepts (CWE-1000) and Developer Concepts (CWE-699) views are organized very differently, especially near the top
   • Use a more comprehensive search (full slice or in-site search).
   • If you are more familiar with attacks, then consider navigating through CAPEC and seeing the weaknesses that CAPEC maps to.

If you believe that CWE does not sufficiently cover an issue, contact us at cwe@mitre.org.