CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities

CVE → CWE "Root Cause Mapping" Quick Tips

Before You Start

  1. Review the CWE mapping examples
  2. Try to frame your view of the vulnerability in terms of its underlying weakness
  3. Become familiar with key terms in CWE's glossary so that you can be sure you are interpreting CWE names correctly
  4. Familiarize yourself with key views (CWE-699, CWE-1194, CWE-1400, and CWE-1000), and determine which ones best match your needs
  5. Become familiar with the top-level CWEs in your preferred view

When You Are Ready

  1. The keyword search on the CWE website can help you quickly find potential entries, regardless of their level of abstraction
  2. CWEs at the Base and Variant level should be used for vulnerability root cause mapping whenever possible. Class level CWEs may be used for root cause mapping if there is no accurate Base or Variant level CWE. Check under the CWE’s title for its Abstraction and a link to its Mapping Notes
  3. Verify your mapping with a team member with different skills and experience
  4. If you find an entry that is similar to, but not quite, what you are looking for, then examine its relationships with other CWEs
Page Last Updated: March 22, 2024