CWE

Common Weakness Enumeration (CWE™) is a formal list or dictionary of common software and hardware weaknesses that can occur in architecture, design, code, or implementation that can lead to exploitable security vulnerabilities. CWE was created to serve as a common language for describing security weaknesses; serve as a standard measuring stick for security tools targeting these weaknesses; and to provide a common baseline standard for weakness identification, mitigation, and prevention efforts. “Weaknesses” are flaws, faults, bugs, and other errors in software and hardware design, architecture, code, or implementation that if left unaddressed could result in systems and networks, and hardware being vulnerable to attack.

source: cwe.mitre.org

You can see this notebook directly via:

- GitHub
- Jupyter nbviewer

Generation time

[1]:
from datetime import datetime, timezone, timedelta

timezone_offset = 0.0
tzinfo = timezone(timedelta(hours=timezone_offset))
generation_time = datetime.now(tzinfo).strftime('%Y-%m-%d %H:%M:%S %z')
print(generation_time)
2024-04-16 05:36:38 +0000

Creative Commons

This notebook and the generated diagrams are released under a Creative Commons license (CC BY 4.0).

CC BY 4.0

[2]:
import requests
import urllib3

# verify=False below disables TLS certificate verification for these downloads;
# this call only silences the InsecureRequestWarning that requests emits because of it.
urllib3.disable_warnings()

urls = ['https://mirrors.creativecommons.org/presskit/icons/cc.xlarge.png',
        'https://mirrors.creativecommons.org/presskit/icons/by.xlarge.png']
for url in urls:
    file_name = url.split("/")[-1]  # last path segment is the local file name
    print(file_name)

    file = requests.get(url, verify=False)
    with open(file_name, 'wb') as f:
        f.write(file.content)
cc.xlarge.png
by.xlarge.png

CWE data downloading

All CWE IDs are taken from cwe.mitre.org/data/downloads.html

[3]:
url = 'https://cwe.mitre.org/data/xml/cwec_latest.xml.zip'
file_name = url.split("/")[-1]
print(file_name)
cwec_latest.xml.zip
[4]:
import requests
import urllib3

urllib3.disable_warnings()  # silences the warning caused by verify=False below

file = requests.get(url, verify=False)  # certificate verification disabled, as in the cell above
open(file_name, 'wb').write(file.content)  # the cell output is the number of bytes written
[4]:
1720673
[5]:
import zipfile

with zipfile.ZipFile(file_name, 'r') as zip_ref:
    zip_ref.extractall()
[13]:
import glob

file_name = glob.glob('*.xml')[-1]
print(file_name)
cwec_v4.14.xml

CWE data parsing

Updated to parse cwec_v4.14.xml.

[16]:
import pandas as pd
import xml.etree.ElementTree as et

# Every element of the CWE catalog lives in the cwe-7 namespace, so each tag lookup must be qualified.
ns = {'cwe': 'http://cwe.mitre.org/cwe-7'}

tree = et.parse(file_name)
root = tree.getroot()
df_cols = ["number", "year"]
rows = []

weaknesses = root.find('cwe:Weaknesses', ns)
if weaknesses is not None:
    for weakness in weaknesses:
        weakness_id = weakness.get("ID")
        # Year of the original submission: first four characters of the YYYY-MM-DD date
        submission_date = weakness.find('cwe:Content_History/cwe:Submission/cwe:Submission_Date', ns).text
        submission_year = submission_date[0:4]

        rows.append({"number": weakness_id, "year": submission_year})

df = pd.DataFrame(rows, columns=df_cols)

print(df)
    number  year
0     1004  2017
1     1007  2017
2      102  2006
3     1021  2017
4     1022  2017
..     ...   ...
958     95  2006
959     96  2006
960     97  2006
961     98  2006
962     99  2006

[963 rows x 2 columns]
[17]:
df = df.groupby(['year'], as_index=False)[['number']].count()
df.reset_index(drop=True, inplace=True)
df.index += 1

df.style.bar(subset=['number'], color='#FF6200')
[17]:
  year number
1 2006 533
2 2007 27
3 2008 67
4 2009 44
5 2010 20
6 2011 11
7 2012 5
8 2013 14
9 2014 5
10 2017 4
11 2018 94
12 2019 21
13 2020 95
14 2021 9
15 2022 8
16 2023 6
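As an added example that is not part of this notebook, the same extraction (the parsing cell and the per-year count above) written as a namespace-aware parser that returns each weakness's submission year and the number of entries per year. It runs on a constructed in-memory sample instead of cwec_v4.14.xml; the IDs, names and dates are made up, and one entry deliberately lacks a Content_History to show that it is skipped rather than aborting the loop.

```python
import xml.etree.ElementTree as et
from collections import Counter

# Every element in the CWE catalog is in the cwe-7 namespace (same as the notebook cell above).
NS = {"cwe": "http://cwe.mitre.org/cwe-7"}

# Constructed sample mirroring the catalog layout the notebook walks:
# Weakness_Catalog > Weaknesses > Weakness > Content_History > Submission > Submission_Date.
# IDs, names and dates are made up; the last entry deliberately has no Content_History.
SAMPLE_XML = """<Weakness_Catalog xmlns="http://cwe.mitre.org/cwe-7" Name="CWE" Version="0.0">
  <Weaknesses>
    <Weakness ID="100" Name="Constructed entry A" Abstraction="Base" Structure="Simple" Status="Draft">
      <Content_History>
        <Submission>
          <Submission_Date>2006-07-19</Submission_Date>
        </Submission>
      </Content_History>
    </Weakness>
    <Weakness ID="101" Name="Constructed entry B" Abstraction="Base" Structure="Simple" Status="Draft">
      <Content_History>
        <Submission><Submission_Date>2006-12-15</Submission_Date></Submission>
      </Content_History>
    </Weakness>
    <Weakness ID="2000" Name="Constructed entry C" Abstraction="Variant" Structure="Simple" Status="Draft">
      <Content_History>
        <Submission><Submission_Date>2017-01-19</Submission_Date></Submission>
      </Content_History>
    </Weakness>
    <Weakness ID="2001" Name="Constructed entry without history" Abstraction="Base" Structure="Simple" Status="Draft"/>
  </Weaknesses>
</Weakness_Catalog>
"""


def submission_years(xml_text):
    """Map each Weakness ID (int) to its submission year; entries with no Submission_Date are skipped."""
    root = et.fromstring(xml_text)
    years = {}
    for weakness in root.iterfind("cwe:Weaknesses/cwe:Weakness", NS):
        # findtext with a default avoids the AttributeError a bare .find(...).text raises on a missing element
        date = weakness.findtext(
            "cwe:Content_History/cwe:Submission/cwe:Submission_Date", default="", namespaces=NS)
        if len(date) >= 4 and date[:4].isdigit():
            years[int(weakness.get("ID"))] = int(date[:4])
    return years


def entries_per_year(xml_text):
    """Count submitted Weaknesses per year, sorted by year (the notebook's groupby result)."""
    return dict(sorted(Counter(submission_years(xml_text).values()).items()))
```

Because the IDs are converted to int, the result sorts numerically rather than lexicographically ("1004" before "102") as the notebook's string column does.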

CWE data saving

The CSV file is available in the GitHub repository, see:

[18]:
csv_filename = 'cwe-number-of-entries.csv'

df.to_csv(csv_filename, index=False)

CWE data plotting

PNG files are available in the GitHub repository in two background versions, see:

[19]:
import pandas as pd
import matplotlib.pyplot as plt
import datetime

df = pd.read_csv(csv_filename)

df.plot(x='year',
        xlabel='Year',
        y='number',
        ylabel='Number of CWE',
        kind='bar',
        title='Number of CWE per year')
plt.tight_layout()
plt.legend(['CWE'])
plt.figtext(0.12, 0.02, f"Generated on {generation_time} thanks to limberduck.org based on source: cwe.mitre.org", ha="left", fontsize=7)
fig = plt.gcf()
fig.set_size_inches(10,6)
fig.patch.set_facecolor('white')
plt.grid(True)

img_cc = plt.imread('cc.xlarge.png')
newax_cc = fig.add_axes([0.88, 0.0, 0.05, 0.05], anchor='NE', zorder=-1)
newax_cc.imshow(img_cc)
newax_cc.axis('off')
img_by = plt.imread('by.xlarge.png')
newax_by = fig.add_axes([0.92, 0.0, 0.05, 0.05], anchor='NE', zorder=-1)
newax_by.imshow(img_by)
newax_by.axis('off')

plt.savefig('cwe-number-of-entries-bg-white.png', dpi = 300, facecolor = 'white')
plt.savefig('cwe-number-of-entries-bg-transparent.png', dpi = 300, transparent = True)
[Output figure: bar chart "Number of CWE per year"]