Bold text marks entries in the 2023 CWE Top 25 Most Dangerous Software Weaknesses.
- CWE-658 List of weaknesses that can occur in software written in C
- CWE-659 List of weaknesses that can occur in software written in C++
- CWE-660 List of weaknesses that can occur in software written in Java
- CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
- CWE-59 Improper Link Resolution Before File Access ('Link Following')
- CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
- CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
- CWE-99 Improper Control of Resource Identifiers ('Resource Injection')
- CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer O
- CWE-134 Use of Externally-Controlled Format String
- CWE-190 Integer Overflow or Wraparound O
- CWE-259 Use of Hard-coded Password
- CWE-285 Improper Authorization
- CWE-306 Missing Authentication for Critical Function
- CWE-307 Improper Restriction of Excessive Authentication Attempts
- CWE-312 Cleartext Storage of Sensitive Information
- CWE-319 Cleartext Transmission of Sensitive Information
- CWE-321 Use of Hard-coded Cryptographic Key
- CWE-327 Use of a Broken or Risky Cryptographic Algorithm
- CWE-330 Use of Insufficiently Random Values
- CWE-494 Download of Code Without Integrity Check
- CWE-521 Weak Password Requirements
- CWE-615 Information Exposure Through Comments
- CWE-732 Incorrect Permission Assignment for Critical Resource
- CWE-759 Use of a One-Way Hash without a Salt
- CWE-170 Improper Null Termination O
- CWE-209 Generation of Error Message Containing Sensitive Information O
- CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition O
- CWE-369 Divide By Zero O
- CWE-390 Detection of Error Condition Without Action O
- CWE-400 Uncontrolled Resource Consumption O
- CWE-404 Improper Resource Shutdown or Release O
- CWE-415 Double Free O
- CWE-416 Use After Free O
- CWE-457 Use of Uninitialized Variable O
- CWE-467 Use of sizeof() on a Pointer Type O
- CWE-469 Use of Pointer Subtraction to Determine Size O
- CWE-476 NULL Pointer Dereference O
- CWE-489 Active Debug Code O
- CWE-495 Private Data Structure Returned From A Public Method O
- CWE-496 Public Data Assigned to Private Array-Typed Field O
- CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere O
- CWE-562 Return of Stack Variable Address O
- CWE-587 Assignment of a Fixed Address to a Pointer O
- CWE-628 Function Call with Incorrectly Specified Arguments O
- CWE-676 Use of Potentially Dangerous Function O
- CWE-755 Improper Handling of Exceptional Conditions O
※ O: item overlaps with the coding-rule check and vulnerability check items; take this into account when applying it during SW reliability testing.
CWE (Common Weakness Enumeration)
CWE™ is a community-developed list of software and hardware weakness types. It serves as a common language, a measuring stick for security tools, and as a baseline for weakness identification, mitigation, and prevention efforts.
cwe.mitre.org
SW reliability standard indicators (Measure) - https://dase.tistory.com/m/141