CWE#

Common Weakness Enumeration (CWE™) is a formal list or dictionary of common software and hardware weaknesses that can occur in architecture, design, code, or implementation that can lead to exploitable security vulnerabilities. CWE was created to serve as a common language for describing security weaknesses; serve as a standard measuring stick for security tools targeting these weaknesses; and to provide a common baseline standard for weakness identification, mitigation, and prevention efforts. “Weaknesses” are flaws, faults, bugs, and other errors in software and hardware design, architecture, code, or implementation that if left unaddressed could result in systems and networks, and hardware being vulnerable to attack

source: cwe.mitre.org

You can see this notebook directly via:

Generation time#

from datetime import datetime, timezone, timedelta

timezone_offset = 0.0
tzinfo = timezone(timedelta(hours=timezone_offset))
generation_time = datetime.now(tzinfo).strftime('%Y-%m-%d %H:%M:%S %z')
print(generation_time)
2022-03-20 22:29:27 +0000

Creative Commons#

This notebook and generated diagrams are released with Creative Commons liecense (CC BY 4.0).

CC BY 4.0

import requests
import urllib3

urllib3.disable_warnings()

urls = ['https://mirrors.creativecommons.org/presskit/icons/cc.xlarge.png',
       'https://mirrors.creativecommons.org/presskit/icons/by.xlarge.png']
for url in urls:
    file_name = url.split("/")[-1:][0]
    print(file_name)

    file = requests.get(url, verify=False)
    open(file_name, 'wb').write(file.content)
cc.xlarge.png
by.xlarge.png

CWE data downloading#

All CWE IDs are taken from cwe.mitre.org/data/downloads.html

url = 'https://cwe.mitre.org/data/xml/cwec_latest.xml.zip'
file_name = url.split("/")[-1:][0]
print(file_name)
cwec_latest.xml.zip
import requests
import urllib3

urllib3.disable_warnings()

file = requests.get(url, verify=False)
open(file_name, 'wb').write(file.content)
1371095
import zipfile

with zipfile.ZipFile(file_name, 'r') as zip_ref:
    zip_ref.extractall()
import glob

file_name = glob.glob('*.xml')[0]
print(file_name)
cwec_v4.6.xml

CWE data parsing#

import pandas as pd 
import xml.etree.ElementTree as et 

tree = et.parse(file_name)
root = tree.getroot()
df_cols = ["number", "year"]
rows = []

if root.findall('{http://cwe.mitre.org/cwe-6}Weaknesses'):
    weeknesses = root.find('{http://cwe.mitre.org/cwe-6}Weaknesses')
    for weekness in weeknesses:
        weekness_id = weekness.get("ID")
        weekness_content_history = weekness.find("{http://cwe.mitre.org/cwe-6}Content_History")
        weekness_content_submission = weekness_content_history.find("{http://cwe.mitre.org/cwe-6}Submission")
        weekness_content_submission_date = weekness_content_submission.find("{http://cwe.mitre.org/cwe-6}Submission_Date").text
        weekness_content_submission_year = weekness_content_submission_date[0:4]
        
        rows.append({"number": weekness_id, "year": weekness_content_submission_year})

df = pd.DataFrame(rows, columns = df_cols)

print(df)
    number  year
0     1004  2017
1     1007  2017
2      102  2006
3     1021  2017
4     1022  2017
..     ...   ...
942     95  2006
943     96  2006
944     97  2006
945     98  2006
946     99  2006

[947 rows x 2 columns]
df = df.groupby(['year'], as_index=False)[['number']].count()
df.reset_index(drop=True, inplace=True)
df.index += 1

df.style.bar(subset=['number'], color='#FF6200')
  year number
1 2006 533
2 2007 27
3 2008 67
4 2009 44
5 2010 20
6 2011 11
7 2012 5
8 2013 14
9 2014 5
10 2017 4
11 2018 94
12 2019 21
13 2020 95
14 2021 7

CWE data saving#

CSV file is available in GitHub repository, see:

csv_filename = 'cwe-number-of-entries.csv'

df.to_csv(csv_filename, index=False)

CWE data ploting#

PNG files are available in GitHub repository with two background versions, see:

import pandas as pd
import matplotlib.pyplot as plt
import datetime

df = pd.read_csv(csv_filename)

df.plot(x='year', 
        xlabel='Year',
        y='number', 
        ylabel='Number of CWE',
        kind='bar', 
        title='Number of CWE per year')
plt.tight_layout()
plt.legend(['CWE'])
plt.figtext(0.12, 0.02, f"Generated on {generation_time} thanks to limberduck.org based on source: cwe.mitre.org", ha="left", fontsize=7)
fig = plt.gcf()
fig.set_size_inches(10,6)
fig.patch.set_facecolor('white')
plt.grid(True)

img_cc = plt.imread('cc.xlarge.png')
newax_cc = fig.add_axes([0.88, 0.0, 0.05, 0.05], anchor='NE', zorder=-1)
newax_cc.imshow(img_cc)
newax_cc.axis('off')
img_by = plt.imread('by.xlarge.png')
newax_by = fig.add_axes([0.92, 0.0, 0.05, 0.05], anchor='NE', zorder=-1)
newax_by.imshow(img_by)
newax_by.axis('off')

plt.savefig('cwe-number-of-entries-bg-white.png', dpi = 300, facecolor = 'white')
plt.savefig('cwe-number-of-entries-bg-transparent.png', dpi = 300, transparent = True)
../../_images/cwe_22_0.png