Deployed 2144d00 with MkDocs version: 1.5.3

Author: Crashedmind

404.html

@@ -1057,7 +1057,7 @@
 
 
   <span class="md-ellipsis">
-    CWE Abstraction
+    CWE Relationships
   </span>
 
 

annex/Glossary/index.html

@@ -1061,7 +1061,7 @@
 
 
   <span class="md-ellipsis">
-    CWE Abstraction
+    CWE Relationships
   </span>
 
 

assets/images/vulnerability_mapping_notes.png

@@ -1135,7 +1135,7 @@
 
 
   <span class="md-ellipsis">
-    CWE Abstraction
+    CWE Relationships
   </span>
 
 

cisa_kev/cisa_kev/index.html

@@ -1216,7 +1216,7 @@
 
 
   <span class="md-ellipsis">
-    CWE Abstraction
+    CWE Relationships
   </span>
 
 

cvss/CVSS/index.html

@@ -1153,7 +1153,7 @@
 
 
   <span class="md-ellipsis">
-    CWE Abstraction
+    CWE Relationships
   </span>
 
 
@@ -1798,7 +1798,7 @@
 <h1 id="common-weakness-enumeration-cwe">Common Weakness Enumeration (<abbr title="CWE Common Weakness Enumeration">CWE</abbr>)<a class="headerlink" href="#common-weakness-enumeration-cwe" title="Permanent link">&para;</a></h1>
 <div class="admonition abstract">
 <p class="admonition-title">Overview</p>
-<p>The Common Weakness Enumeration (<abbr title="CWE Common Weakness Enumeration">CWE</abbr>) is a community-driven catalog of software and hardware weaknesses, maintained by MITRE. It serves as a standardized language and baseline for identifying, describing, and understanding common security flaws in software and hardware architecture, design, code, and implementation. </p>
+<p>The <a href="https://cwe.mitre.org">Common Weakness Enumeration (<abbr title="CWE Common Weakness Enumeration">CWE</abbr>)</a> is a community-driven catalog of software and hardware weaknesses, maintained by MITRE. It serves as a standardized language and baseline for identifying, describing, and understanding common security flaws in software and hardware architecture, design, code, and implementation. </p>
 <p>By providing a common taxonomy, <abbr title="CWE Common Weakness Enumeration">CWE</abbr> facilitates consistent security vulnerability reporting, enables better tool integration, and supports data-driven analysis of security trends. </p>
 <p>Leveraging <abbr title="CWE Common Weakness Enumeration">CWE</abbr> is fundamental to shifting security left, allowing organizations to proactively address the root causes of vulnerabilities and build more secure systems.</p>
 </div>
@@ -1913,13 +1913,13 @@ <h2 id="challenges-in-using-cwe">Challenges in Using <abbr title="CWE Common Wea
 
 
 
-          <a href="../cwe_abstraction/" class="md-footer__link md-footer__link--next" aria-label="Next: CWE Abstraction">
+          <a href="../cwe_abstraction/" class="md-footer__link md-footer__link--next" aria-label="Next: CWE Relationships">
             <div class="md-footer__title">
               <span class="md-footer__direction">
                 Next
               </span>
               <div class="md-ellipsis">
-                CWE Abstraction
+                CWE Relationships
               </div>
             </div>
             <div class="md-footer__button md-icon">

cwe/cwe/index.html

@@ -1068,7 +1068,7 @@
 
 
   <span class="md-ellipsis">
-    CWE Abstraction
+    CWE Relationships
   </span>
 
 

cwe/cwe_1000/index.html

@@ -22,7 +22,7 @@
 
 
 
-        <title>CWE Abstraction - Risk Based Prioritization</title>
+        <title>CWE Relationships - Risk Based Prioritization</title>
 
 
 
@@ -104,7 +104,7 @@
     <div data-md-component="skip">
 
 
-        <a href="#cwe-abstraction" class="md-skip">
+        <a href="#cwe-relationships" class="md-skip">
           Skip to content
         </a>
 
@@ -140,7 +140,7 @@
         <div class="md-header__topic" data-md-component="header-topic">
           <span class="md-ellipsis">
 
-              CWE Abstraction
+              CWE Relationships
 
           </span>
         </div>
@@ -1077,7 +1077,7 @@
 
 
   <span class="md-ellipsis">
-    CWE Abstraction
+    CWE Relationships
   </span>
 
 
@@ -1088,7 +1088,7 @@
 
 
   <span class="md-ellipsis">
-    CWE Abstraction
+    CWE Relationships
   </span>
 
 
@@ -1161,6 +1161,15 @@
     </span>
   </a>
 
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#vulnerability-mapping-label-and-notes" class="md-nav__link">
+    <span class="md-ellipsis">
+      Vulnerability Mapping Label and Notes
+    </span>
+  </a>
+  
 </li>
 
     </ul>
@@ -1796,6 +1805,15 @@
     </span>
   </a>
 
+</li>
+      
+        <li class="md-nav__item">
+  <a href="#vulnerability-mapping-label-and-notes" class="md-nav__link">
+    <span class="md-ellipsis">
+      Vulnerability Mapping Label and Notes
+    </span>
+  </a>
+  
 </li>
 
     </ul>
@@ -1813,15 +1831,15 @@
 
 
 
-<h1 id="cwe-abstraction"><abbr title="CWE Common Weakness Enumeration">CWE</abbr> Abstraction<a class="headerlink" href="#cwe-abstraction" title="Permanent link">&para;</a></h1>
+<h1 id="cwe-relationships"><abbr title="CWE Common Weakness Enumeration">CWE</abbr> Relationships<a class="headerlink" href="#cwe-relationships" title="Permanent link">&para;</a></h1>
 <div class="admonition abstract">
 <p class="admonition-title">Overview</p>
-<p>MITRE's <abbr title="CWE Common Weakness Enumeration">CWE</abbr> framework categorizes weaknesses into four abstraction levels:  <a href="https://cwe.mitre.org/documents/glossary/index.html#Pillar%20Weakness">Pillar</a>, <a href="https://cwe.mitre.org/documents/glossary/index.html#Class%20Weakness">Class</a>, <a href="https://cwe.mitre.org/documents/glossary/index.html#Base%20Weakness">Base</a>, and <a href="https://cwe.mitre.org/documents/glossary/index.html#Variant%20Weakness">Variant</a>:</p>
+<p>MITRE's <abbr title="CWE Common Weakness Enumeration">CWE</abbr> framework categorizes weaknesses into four abstraction levels:  </p>
 <ul>
-<li>Pillar: Highest abstraction (broad vulnerability concepts).</li>
-<li>Class: Group related vulnerabilities around common behaviors.</li>
-<li>Base: Specific weaknesses directly used in practical mappings.</li>
-<li>Variant: More specific instances of Base weaknesses (context-specific or subtle distinctions).</li>
+<li><a href="https://cwe.mitre.org/documents/glossary/index.html#Pillar%20Weakness">Pillar</a>: Highest abstraction (broad vulnerability concepts).</li>
+<li><a href="https://cwe.mitre.org/documents/glossary/index.html#Class%20Weakness">Class</a>: Group related vulnerabilities around common behaviors.</li>
+<li><a href="https://cwe.mitre.org/documents/glossary/index.html#Base%20Weakness">Base</a>: Specific weaknesses directly used in practical mappings.</li>
+<li><a href="https://cwe.mitre.org/documents/glossary/index.html#Variant%20Weakness">Variant</a>: More specific instances of Base weaknesses (context-specific or subtle distinctions).</li>
 </ul>
 <p>Each level provides a different degree of specificity, aiding different practical purposes from research to vulnerability remediation.</p>
 <p>Refer to the official schema: <a href="https://cwe.mitre.org/documents/schema/#AbstractionEnumeration">AbstractionEnumeration</a>.</p>
@@ -1839,8 +1857,8 @@ <h2 id="pillar">Pillar ⚠️<a class="headerlink" href="#pillar" title="Permane
 <li>
 <p>Examples:</p>
 <ul>
-<li><strong><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-284:</strong> Improper Access Control</li>
-<li><strong><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-682:</strong> Incorrect Calculation</li>
+<li><strong><a href="https://cwe.mitre.org/data/definitions/284.html"><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-284</a>:</strong> Improper Access Control</li>
+<li><strong><a href="https://cwe.mitre.org/data/definitions/682.html"><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-682</a>:</strong> Incorrect Calculation</li>
 </ul>
 </li>
 </ul>
@@ -1854,8 +1872,8 @@ <h2 id="class">Class 🗂️<a class="headerlink" href="#class" title="Permanent
 <li>
 <p>Examples:</p>
 <ul>
-<li><strong><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-20:</strong> Improper Input Validation</li>
-<li><strong><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-200:</strong> Exposure of Sensitive Information</li>
+<li><strong><a href="https://cwe.mitre.org/data/definitions/20.html"><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-20</a>:</strong> Improper Input Validation</li>
+<li><strong><a href="https://cwe.mitre.org/data/definitions/200.html"><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-200</a>:</strong> Exposure of Sensitive Information</li>
 </ul>
 </li>
 </ul>
@@ -1870,9 +1888,9 @@ <h2 id="base">Base 🎯<a class="headerlink" href="#base" title="Permanent link"
 <li>
 <p>Examples:</p>
 <ul>
-<li><strong><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-79:</strong> Cross-Site Scripting (XSS)</li>
-<li><strong><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-89:</strong> SQL Injection</li>
-<li><strong><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-787:</strong> Out-of-Bounds Write</li>
+<li><strong><a href="https://cwe.mitre.org/data/definitions/79.html"><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-79</a>:</strong> Cross-Site Scripting (XSS)</li>
+<li><strong><a href="https://cwe.mitre.org/data/definitions/89.html"><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-89</a>:</strong> SQL Injection</li>
+<li><strong><a href="https://cwe.mitre.org/data/definitions/787.html"><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-787</a>:</strong> Out-of-Bounds Write</li>
 </ul>
 </li>
 </ul>
@@ -1886,8 +1904,8 @@ <h2 id="variant">Variant 🔬<a class="headerlink" href="#variant" title="Perman
 <li>
 <p>Examples:</p>
 <ul>
-<li><strong><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-599:</strong> Missing Validation of OpenSSL Certificate</li>
-<li><strong><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-467:</strong> Use of <code>sizeof()</code> on a Pointer Type (C/C++)</li>
+<li><strong><a href="https://cwe.mitre.org/data/definitions/599.html"><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-599</a>:</strong> Missing Validation of OpenSSL Certificate</li>
+<li><strong><a href="https://cwe.mitre.org/data/definitions/467.html"><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-467</a>:</strong> Use of <code>sizeof()</code> on a Pointer Type (C/C++)</li>
 </ul>
 </li>
 </ul>
@@ -1905,6 +1923,26 @@ <h2 id="compound">Compound 🔗<a class="headerlink" href="#compound" title="Per
 <p><strong>Compound CWEs</strong> help analyze complex vulnerability scenarios, providing insights into how weaknesses interrelate.</p>
 </div>
 <hr />
+<h2 id="vulnerability-mapping-label-and-notes"><a href="https://cwe.mitre.org/documents/schema/#MappingNotesType">Vulnerability Mapping Label and Notes</a><a class="headerlink" href="#vulnerability-mapping-label-and-notes" title="Permanent link">&para;</a></h2>
+<p>Vulnerability Mapping Label:</p>
+<ul>
+<li>ALLOWED (this <abbr title="CWE Common Weakness Enumeration">CWE</abbr> ID could be used to map to real-world vulnerabilities)</li>
+<li>ALLOWED (with careful review of mapping notes)</li>
+<li>DISCOURAGED (this <abbr title="CWE Common Weakness Enumeration">CWE</abbr> ID should not be used to map to real-world vulnerabilities)</li>
+<li>PROHIBITED (this <abbr title="CWE Common Weakness Enumeration">CWE</abbr> ID must not be used to map to real-world vulnerabilities)</li>
+</ul>
+<p>See <a href="https://cwe.mitre.org/documents/cwe_usage/guidance.html#relationships">https://cwe.mitre.org/documents/cwe_usage/guidance.html#relationships</a>.</p>
+<figure>
+<p><img alt="" src="../../assets/images/vulnerability_mapping_notes.png" width="600" />
+  </p>
+<figcaption> <figcaption>
+</figcaption>
+</figure>
+<div class="admonition info">
+<p class="admonition-title">Info</p>
+<p>CWEs assigned to CVEs may change their Mapping Label over time. </p>
+<p>Alternative CWEs may be suggested for the <abbr title="CWE Common Weakness Enumeration">CWE</abbr> per example above.</p>
+</div>
 <div class="admonition success">
 <p class="admonition-title">Takeaways</p>
 <ul>

cwe/cwe_abstraction/index.html

@@ -1068,7 +1068,7 @@
 
 
   <span class="md-ellipsis">
-    CWE Abstraction
+    CWE Relationships
   </span>
 
 
@@ -1230,15 +1230,6 @@
       </ul>
     </nav>
 
-</li>
-      
-        <li class="md-nav__item">
-  <a href="#example-using-cwe-798-use-of-hard-coded-credential" class="md-nav__link">
-    <span class="md-ellipsis">
-      Example using CWE-798 Use of Hard-coded Credential
-    </span>
-  </a>
-  
 </li>
 
     </ul>
@@ -1901,15 +1892,6 @@
       </ul>
     </nav>
 
-</li>
-      
-        <li class="md-nav__item">
-  <a href="#example-using-cwe-798-use-of-hard-coded-credential" class="md-nav__link">
-    <span class="md-ellipsis">
-      Example using CWE-798 Use of Hard-coded Credential
-    </span>
-  </a>
-  
 </li>
 
     </ul>
@@ -1975,13 +1957,6 @@ <h3 id="research-view-view-1000_1">Research View (<a href="https://cwe.mitre.org
 </div>
 <h3 id="nvd-view-view-1003_1"><abbr title="National Vulnerability Database">NVD</abbr> View (<a href="https://cwe.mitre.org/data/definitions/1003.html">View-1003</a>)<a class="headerlink" href="#nvd-view-view-1003_1" title="Permanent link">&para;</a></h3>
 <p><a href="https://cwe.mitre.org/data/definitions/121.html"><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-121 Stack-based Buffer Overflow </a> is not part of <abbr title="National Vulnerability Database">NVD</abbr> View (<a href="https://cwe.mitre.org/data/definitions/1003.html">View-1003</a>).</p>
-<h2 id="example-using-cwe-798-use-of-hard-coded-credential">Example using <a href="https://cwe.mitre.org/data/definitions/798.html"><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-798 Use of Hard-coded Credential </a><a class="headerlink" href="#example-using-cwe-798-use-of-hard-coded-credential" title="Permanent link">&para;</a></h2>
-<p><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-798 is a child of three different nodes:</p>
-<ol>
-<li><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-1391 (Use of Weak Credentials) under Pillar <abbr title="CWE Common Weakness Enumeration">CWE</abbr>-284: Improper Access Control</li>
-<li><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-671 (Lack of Administrator Control over Security) under Pillar <abbr title="CWE Common Weakness Enumeration">CWE</abbr>-710: Improper Adherence to Coding Standards</li>
-<li><abbr title="CWE Common Weakness Enumeration">CWE</abbr>-344 (Use of Invariant Value in Changing Context) under Pillar <abbr title="CWE Common Weakness Enumeration">CWE</abbr>-693: Protection Mechanism Failure</li>
-</ol>
 
 
 
@@ -2013,7 +1988,7 @@ <h2 id="example-using-cwe-798-use-of-hard-coded-credential">Example using <a hre
       <nav class="md-footer__inner md-grid" aria-label="Footer" >
 
 
-          <a href="../cwe_abstraction/" class="md-footer__link md-footer__link--prev" aria-label="Previous: CWE Abstraction">
+          <a href="../cwe_abstraction/" class="md-footer__link md-footer__link--prev" aria-label="Previous: CWE Relationships">
             <div class="md-footer__button md-icon">
 
               <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12Z"/></svg>
@@ -2023,7 +1998,7 @@ <h2 id="example-using-cwe-798-use-of-hard-coded-credential">Example using <a hre
                 Previous
               </span>
               <div class="md-ellipsis">
-                CWE Abstraction
+                CWE Relationships
               </div>
             </div>
           </a>

cwe/cwe_views/index.html

@@ -1068,7 +1068,7 @@
 
 
   <span class="md-ellipsis">
-    CWE Abstraction
+    CWE Relationships
   </span>