Common Weakness Enumeration (CWE™) is a formal list or dictionary of common software and hardware weaknesses that can occur in architecture, design, code, or implementation and that can lead to exploitable security vulnerabilities. CWE was created to serve as a common language for describing security weaknesses; to serve as a standard measuring stick for security tools targeting these weaknesses; and to provide a common baseline standard for weakness identification, mitigation, and prevention efforts. “Weaknesses” are flaws, faults, bugs, and other errors in software and hardware design, architecture, code, or implementation that, if left unaddressed, could result in systems, networks, and hardware being vulnerable to attack.
source: cwe.mitre.org
You can see this notebook directly via:
from datetime import datetime, timezone, timedelta
timezone_offset = 0.0
tzinfo = timezone(timedelta(hours=timezone_offset))
generation_time = datetime.now(tzinfo).strftime('%Y-%m-%d %H:%M:%S %z')
print(generation_time)
2024-04-16 05:36:38 +0000
This notebook and the generated diagrams are released under a Creative Commons license (CC BY 4.0).
import requests
from pathlib import Path
urls = ['https://mirrors.creativecommons.org/presskit/icons/cc.xlarge.png',
        'https://mirrors.creativecommons.org/presskit/icons/by.xlarge.png']
for url in urls:
    file_name = url.split("/")[-1]
    print(file_name)
    # TLS certificate verification stays enabled (the requests default)
    file = requests.get(url, timeout=30)
    file.raise_for_status()
    Path(file_name).write_bytes(file.content)
cc.xlarge.png
by.xlarge.png
All CWE IDs are taken from cwe.mitre.org/data/downloads.html
url = 'https://cwe.mitre.org/data/xml/cwec_latest.xml.zip'
file_name = url.split("/")[-1:][0]
print(file_name)
cwec_latest.xml.zip
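import requests
from pathlib import Path
# TLS certificate verification stays enabled so the catalog is fetched from an authenticated server
file = requests.get(url, timeout=60)
file.raise_for_status()
Path(file_name).write_bytes(file.content)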
1720673
import zipfile
with zipfile.ZipFile(file_name, 'r') as zip_ref:
    zip_ref.extractall()
import glob
file_name = glob.glob('*.xml')[-1]
print(file_name)
cwec_v4.14.xml
Updated to parse cwec_v4.14.xml.
import pandas as pd
import xml.etree.ElementTree as et
tree = et.parse(file_name)
root = tree.getroot()
df_cols = ["number", "year"]
rows = []
# Record each Weakness ID together with the year of its original submission
if root.findall('{http://cwe.mitre.org/cwe-7}Weaknesses'):
    weaknesses = root.find('{http://cwe.mitre.org/cwe-7}Weaknesses')
    for weakness in weaknesses:
        weakness_id = weakness.get("ID")
        weakness_content_history = weakness.find("{http://cwe.mitre.org/cwe-7}Content_History")
        weakness_content_submission = weakness_content_history.find("{http://cwe.mitre.org/cwe-7}Submission")
        weakness_content_submission_date = weakness_content_submission.find("{http://cwe.mitre.org/cwe-7}Submission_Date").text
        # Submission_Date is formatted YYYY-MM-DD; keep only the year
        weakness_content_submission_year = weakness_content_submission_date[0:4]
        rows.append({"number": weakness_id, "year": weakness_content_submission_year})
df = pd.DataFrame(rows, columns = df_cols)
print(df)
    number  year
0     1004  2017
1     1007  2017
2      102  2006
3     1021  2017
4     1022  2017
..     ...   ...
958     95  2006
959     96  2006
960     97  2006
961     98  2006
962     99  2006

[963 rows x 2 columns]
df = df.groupby(['year'], as_index=False)[['number']].count()
df.reset_index(drop=True, inplace=True)
df.index += 1
df.style.bar(subset=['number'], color='#FF6200')
| | year | number |
|---|---|---|
| 1 | 2006 | 533 |
| 2 | 2007 | 27 |
| 3 | 2008 | 67 |
| 4 | 2009 | 44 |
| 5 | 2010 | 20 |
| 6 | 2011 | 11 |
| 7 | 2012 | 5 |
| 8 | 2013 | 14 |
| 9 | 2014 | 5 |
| 10 | 2017 | 4 |
| 11 | 2018 | 94 |
| 12 | 2019 | 21 |
| 13 | 2020 | 95 |
| 14 | 2021 | 9 |
| 15 | 2022 | 8 |
| 16 | 2023 | 6 |
CSV file is available in GitHub repository, see:
csv_filename = 'cwe-number-of-entries.csv'
df.to_csv(csv_filename, index=False)
PNG files are available in GitHub repository with two background versions, see:
import pandas as pd
import matplotlib.pyplot as plt
import datetime
df = pd.read_csv(csv_filename)
df.plot(x='year',
        xlabel='Year',
        y='number',
        ylabel='Number of CWE',
        kind='bar',
        title='Number of CWE per year')
plt.tight_layout()
plt.legend(['CWE'])
plt.figtext(0.12, 0.02, f"Generated on {generation_time} thanks to limberduck.org based on source: cwe.mitre.org", ha="left", fontsize=7)
fig = plt.gcf()
fig.set_size_inches(10,6)
fig.patch.set_facecolor('white')
plt.grid(True)
img_cc = plt.imread('cc.xlarge.png')
newax_cc = fig.add_axes([0.88, 0.0, 0.05, 0.05], anchor='NE', zorder=-1)
newax_cc.imshow(img_cc)
newax_cc.axis('off')
img_by = plt.imread('by.xlarge.png')
newax_by = fig.add_axes([0.92, 0.0, 0.05, 0.05], anchor='NE', zorder=-1)
newax_by.imshow(img_by)
newax_by.axis('off')
plt.savefig('cwe-number-of-entries-bg-white.png', dpi = 300, facecolor = 'white')
plt.savefig('cwe-number-of-entries-bg-transparent.png', dpi = 300, transparent = True)
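The download, extract and parse steps above write the archive to disk and then parse whichever `*.xml` file `glob` returns last. As an added example (not part of the original notebook), the code below reads the catalog straight from the archive bytes, accepts only a single flat `cwec_v*.xml` member, bounds the decompressed size, and counts weaknesses per submission year even when an entry has no submission date. `MAX_XML_BYTES`, the function names and the sample catalog are assumptions made for this illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from collections import Counter

MAX_XML_BYTES = 200 * 1024 * 1024                  # assumed ceiling, not a MITRE figure
NAME_RE = re.compile(r'^cwec_v\d+(\.\d+)*\.xml$')  # flat file name only, no directories

def read_catalog_xml(zip_bytes):
    """Return (member name, XML bytes) read in memory; nothing is written to disk."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = [m for m in zf.infolist() if NAME_RE.match(m.filename)]
        if len(members) != 1:
            raise ValueError("expected exactly one cwec_v*.xml member")
        with zf.open(members[0]) as fh:
            data = fh.read(MAX_XML_BYTES + 1)      # bounded read, whatever size is declared
    if len(data) > MAX_XML_BYTES:
        raise ValueError("catalog larger than expected")
    return members[0].filename, data

def count_by_submission_year(xml_bytes):
    """Count Weakness entries per submission year; missing dates count as 'unknown'."""
    root = ET.fromstring(xml_bytes)
    if not root.tag.startswith('{'):
        raise ValueError("catalog root has no XML namespace")
    ns = {'cwe': root.tag[1:].split('}')[0]}       # namespace taken from the file itself
    counts = Counter()
    for weakness in root.iterfind('cwe:Weaknesses/cwe:Weakness', ns):
        date = weakness.findtext('cwe:Content_History/cwe:Submission/cwe:Submission_Date', namespaces=ns)
        counts[date[:4] if date else 'unknown'] += 1
    return dict(counts)

# Constructed sample catalog: the IDs and dates are made up for this example
SAMPLE_XML = b"""<Weakness_Catalog xmlns="http://cwe.mitre.org/cwe-7"><Weaknesses>
<Weakness ID="9001"><Content_History><Submission><Submission_Date>2006-07-19</Submission_Date></Submission></Content_History></Weakness>
<Weakness ID="9002"><Content_History><Submission><Submission_Date>2006-12-15</Submission_Date></Submission></Content_History></Weakness>
<Weakness ID="9003"><Content_History><Submission><Submission_Date>2018-03-29</Submission_Date></Submission></Content_History></Weakness>
<Weakness ID="9004"/>
</Weaknesses></Weakness_Catalog>"""

def make_zip(member_name, payload=SAMPLE_XML):     # in-memory archive, runs offline
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, 'w', zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()

if __name__ == '__main__':
    print(count_by_submission_year(read_catalog_xml(make_zip('cwec_v0.0.xml'))[1]))
```

With the real download, pass `file.content` from the `requests.get` call to `read_catalog_xml`. The size bound limits how much is decompressed; `xml.etree.ElementTree` itself is not hardened against maliciously constructed XML.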