Research Concepts
该视图旨在促进对弱点的研究,包括它们之间的相互依赖性,并可用来系统地找出CWE内部的理论差距。它对弱点进行了分类,在很大程度上忽略了如何检测它们,它们出现在代码中的什么地方,以及它们何时被引入软件开发生命周期。相反,它主要是根据软件行为的抽象来组织的。Development Concepts
该视图围绕软件开发中经常使用或遇到的概念组织弱点。因此,该视图可以与开发人员、教育工作者和评估供应商的观点紧密一致。它提供了多种类别,旨在简化导航、浏览和映射。Architectural Concepts
该视图根据常见的架构安全策略组织弱点。它旨在帮助架构师识别设计软件时可能出现的潜在错误。
CWE-660: Weaknesses in Software Written in Java
CWE-661: Weaknesses in Software Written in PHP
CWE-677: Weakness Base Elements
CWE-678: Composites
CWE-679: DEPRECATED: Chain Elements
CWE-699: Development Concepts
CWE-700: Seven Pernicious Kingdoms
CWE-701: Weaknesses Introduced During Design
CWE-702: Weaknesses Introduced During Implementation
CWE-709: 命名链
CWE-711: Weaknesses in OWASP Top Ten (2004)
CWE-734: Weaknesses Addressed by the CERT C Secure Coding Standard (2008)
CWE-750: Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors
CWE-800: Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors
CWE-809: Weaknesses in OWASP Top Ten (2010)
CWE-844: Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)
CWE-868: Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)
CWE-884: CWE Cross-section
CWE-999: Weaknesses without Software Fault Patterns
[共 1189 条]