Cybercron

Vulnerability Types


Explore vulnerability types, software, and hardware weaknesses.

Vulnerability Pillars


A PILLAR is a general type of software weakness that acts as a framework for understanding related weaknesses, such as class, base, or variant weaknesses. Unlike a Category, which groups similar traits, a Pillar specifically describes a particular mistake in software.

When assigning CWE identifiers to vulnerabilities, using PILLAR identifiers is DISCOURAGED because they do not address the root cause of a vulnerability.

ID Name Type Count Percent

Vulnerability Classes


A CLASS is a type of software weakness that is described in broad terms. It is more specific than a Pillar Weakness, but more general than a Base or Variant Weakness. These weaknesses usually focus on issues related to one or two of these areas: behavior, property, and resources.

When assigning CWE identifiers to vulnerabilities, using CLASS identifiers is DISCOURAGED because they do not address the root cause of a vulnerability. There are rare exceptions to this rule; please see the individual CWE for details.

ID Name Type Count Percent

Vulnerability Bases & Variants


Base Weaknesses

A BASE is a software weakness that is not tied to any specific resource or technology. This type of weakness provides clear methods for detecting and preventing issues. It usually describes problems in terms of two or three of the following areas: behavior, property, technology, language, and resource.

When assigning CWE identifiers to vulnerabilities, using BASE identifiers is ENCOURAGED because they address the root cause of a vulnerability.

ID Name Type Count Percent

Variant Weaknesses

A VARIANT is a software weakness associated with a specific type of product, often linked to a particular language or technology. It is more specific than a base weakness. These variant-level weaknesses typically describe issues using 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.

When assigning CWE identifiers to vulnerabilities, using VARIANT identifiers is ENCOURAGED where applicable because they address the root cause of a vulnerability.

ID Name Type Count Percent

Composite Weaknesses

A COMPOSITE is a software weakness associated with a specific type of product, often linked to a particular language or technology. It is more specific than a base weakness. These variant-level weaknesses typically describe issues using 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.

When assigning CWE identifiers to vulnerabilities, using COMPOSITE identifiers is ENCOURAGED where applicable because they address the root cause of a vulnerability.

ID Name Type Count Percent