Software Development

A view in the Common Weakness Enumeration published by The MITRE Corporation.


Objective

Views in the Common Weakness Enumeration (CWE) represent one perspective with which to consider a set of weaknesses.

This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development lifecycle including both architecture and implementation. Accordingly, this view can align closely with the perspectives of architects, developers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping.

Target Audience

Educators

Educators use this view to teach future developers about the types of mistakes that are commonly made within specific parts of a codebase.

Software Developers

Software developers (including architects, designers, coders, and testers) use this view to better understand potential mistakes that can be made in specific areas of their software application. The use of concepts that developers are familiar with makes it easier to navigate this view, and filtering by Modes of Introduction can enable focus on a specific phase of the development lifecycle.

Categories

API / Function Errors

Weaknesses in this category are related to the use of built-in functions or external APIs.

Audit / Logging Errors

Weaknesses in this category are related to audit-based components of a software system. Frequently these deal with logging user activities in order to identify undesir...

Authentication Errors

Weaknesses in this category are related to authentication components of a system. Frequently these deal with the ability to verify that an entity is indeed who it clai...

Authorization Errors

Weaknesses in this category are related to authorization components of a system. Frequently these deal with the ability to enforce that agents have the required permis...

Bad Coding Practices

Weaknesses in this category are related to coding practices that are deemed unsafe and increase the chances that an exploitable vulnerability will be present in the ap...

Behavioral Problems

Weaknesses in this category are related to unexpected behaviors from code that an application uses.

Business Logic Errors

Weaknesses in this category identify some of the underlying problems that commonly allow attackers to manipulate the business logic of an application. Errors in busine...

Communication Channel Errors

Weaknesses in this category are related to improper handling of communication channels and access paths. These weaknesses include problems in creating, managing, or re...

Complexity Issues

Weaknesses in this category are associated with things being overly complex.

Concurrency Issues

Weaknesses in this category are related to concurrent use of shared resources.

Credentials Management Errors

Weaknesses in this category are related to the management of credentials.

Cryptographic Issues

Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniqu...

Data Integrity Issues

Weaknesses in this category are related to a software system's data integrity components. Frequently these deal with the ability to ensure the integrity of data, such ...

Data Neutralization Issues

Weaknesses in this category are related to the creation or neutralization of data using an incorrect format.

Data Processing Errors

Weaknesses in this category are typically found in functionality that processes data. Data processing is the manipulation of input to retrieve or save information.

Data Validation Issues

Weaknesses in this category are related to a software system's components for input validation, output validation, or other kinds of validation. Validation is a freque...

Documentation Issues

Weaknesses in this category are related to the documentation provide to support a product.

Encapsulation Issues

Weaknesses in this category are related to issues surrounding the bundling of data with the methods intended to operate on that data.

Error Conditions, Return Values, Status Codes

This category includes weaknesses that occur if a function does not generate the correct return/status code, or if the application does not handle all possible return/...

Expression Issues

Weaknesses in this category are related to incorrectly written expressions within code.

File Handling Issues

Weaknesses in this category are related to the handling of files within a software system. Files, directories, and folders are so central to information technology tha...

Handler Errors

Weaknesses in this category are related to improper management of handlers.

Information Management Errors

Weaknesses in this category are related to improper handling of sensitive information.

Initialization and Cleanup Errors

Weaknesses in this category occur in behaviors that are used for initialization and breakdown.

Lockout Mechanism Errors

Weaknesses in this category are related to a software system's lockout mechanism. Frequently these deal with scenarios that take effect in case of multiple failed atte...

Memory Buffer Errors

Weaknesses in this category are related to the handling of memory buffers within a software system.

Numeric Errors

Weaknesses in this category are related to improper calculation or conversion of numbers.

Permission Issues

Weaknesses in this category are related to improper assignment or handling of permissions.

Pointer Issues

Weaknesses in this category are related to improper handling of pointers.

Privilege Issues

Weaknesses in this category occur with improper handling, assignment, or management of privileges. A privilege is a property of an agent, such as a user. It lets the a...

Random Number Issues

Weaknesses in this category are related to a software system's random number generation.

Resource Locking Problems

Weaknesses in this category are related to improper handling of locks that are used to control access to resources.

Resource Management Errors

Weaknesses in this category are related to improper management of system resources.

Signal Errors

Weaknesses in this category are related to the improper handling of signals.

State Issues

Weaknesses in this category are related to improper management of system state.

String Errors

Weaknesses in this category are related to the creation and modification of strings.

Type Errors

Weaknesses in this category are caused by improper data type transformation or improper handling of multiple data types.

User Interface Security Issues

Weaknesses in this category are related to or introduced in the User Interface (UI).

User Session Errors

Weaknesses in this category are related to session management. Frequently these deal with the information or status about each user and their access rights for the dur...

Deprecated or Obsolete

Key Management Errors

Weaknesses in this category are related to errors in the management of cryptographic keys.


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.