data/cwes.sample.R

#' Sample of 100 random CWEs (Common Weakness Enummeration)
#'
#' A data set containing public information about CWE information from MITRE.
#'
#' \describe{
#'    \item{code_standard}{CWE-XXXX}
#'    \item{ID}{The required ID attribute provides a unique identifier for the entry. It is considered static for the lifetime of the entry. If this entry becomes deprecated, the identifier will not be reused.}
#'    \item{Name}{The required Name attribute is a string that identifies the entry. The name should focus on the weakness being described and should avoid mentioning the attack that exploits the weakness or the consequences of exploiting the weakness. All words in the entry name should be capitalized except for articles and prepositions, unless they begin or end the name. Subsequent words in a hyphenated chain are also not capitalized.}
#'    \item{Abstraction}{The required Abstraction attribute defines the abstraction level for this weakness. The AbstractionEnumeration simple type defines the different abstraction levels that apply to a weakness. A "Class" is the most abstract type of weakness, typically described independent of any specific language or technology. A "Base" is a more specific type of weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. A "Variant" is a weakness that is described at a very low level of detail, typically limited to a specific language or technology. A "Compound" weakness is a meaningful aggregation of several weaknesses, currently known as either a Chain or Composite.}
#'    \item{Structure}{The required Structure attribute defines the structural nature of the weakness. The StructureEnumeration simple type lists the different structural natures of a weakness. A Simple structure represents a single weakness whose exploitation is not dependent on the presence of another weakness. A Composite is a set of weaknesses that must all be present simultaneously in order to produce an exploitable vulnerability, while a Chain is a set of weaknesses that must be reachable consecutively in order to produce an exploitable vulnerability.}
#'    \item{Status}{The required Status attribute defines the maturity of the information for this weakness. The StatusEnumeration simple type defines the different status values that an entity (view, category, weakness) can have.}
#'    \item{Description}{The required Description should be short and limited to the key points that define this weakness.}
#'    \item{Extended_Description}{The optional Extended_Description element provides a place for additional details important to this weakness, but that are not necessary to convey the fundamental concept behind the weakness. A number of other optional elements are available, each of which is described in more detail within the corresponding complexType that it references.}
#'    \item{Related_Weakness}{The RelatedWeaknessesType complex type is used to refer to other weaknesses that differ only in their level of abstraction. It contains one or more Related_Weakness elements, each of which is used to link to the CWE identifier of the other Weakness. The nature of the relation is captured by the Nature attribute. Please see the RelatedNatureEnumeration simple type definition for details about the valid value and meanings. The optional Chain_ID attribute specifies the unique ID of a named chain that a CanFollow or CanPrecede relationship pertains to. The optional Ordinal attribute is used to determine if this relationship is the primary ChildOf relationship for this weakness for a given View_ID. This attribute can only have the value "Primary" and should only be included for the primary parent/child relationship. For each unique triple of <Nature, CWE_ID, View_ID>, there should be only one relationship that is given a "Primary" ordinal.}
#'    \item{Weakness_Ordinality}{The WeaknessOrdinalitiesType complex type indicates potential ordering relationships with other weaknesses. A primary relationship means the weakness exists independent of other weaknesses, while a resultant relationship is when a weakness exists only in the presence of some other weaknesses. The required Ordinality element identifies whether the weakness has a primary or resultant relationship. The optional Description contains the context in which the primary or resultant relationship exists. It is important to note that it is possible for the same entry to be primary in some instances and resultant in others.}
#'    \item{Applicable_Platforms}{The ApplicablePlatformsType complex type specifies the languages, operating systems, architectures, paradigms, and technologies in which a given weakness could appear. In each case, one can specify either a specific Name or a general Class of platform. The required Prevalence attribute identifies the regularity with which the weakness is applicable to that platform. When providing an operating system name, an optional Common Platform Enumeration (CPE) identifier can be used to a identify a specific OS.}
#'    \item{Background_Details}{The BackgroundDetailsType complex type contains one or more Background_Detail elements, each of which contains information that is relevant but not related to the nature of the weakness itself.}
#'    \item{Alternate_Terms}{The AlternateTermsType complex type indicates one or more other names used to describe this weakness. The required Term element contains the actual alternate term. The required Description element provides context for each alternate term by which this weakness may be known.}
#'    \item{Modes_Of_Introduction}{The ModeOfIntroductionType complex type is used to provide information about how and when a given weakness may be introduced. If there are multiple possible introduction points, then a separate Introduction element should be included for each. The required Phase element identifies the point in the software life cycle at which the weakness may be introduced. The optional Note element identifies the typical scenarios under which the weakness may be introduced during the given phase.}
#'    \item{Exploitation_Factors}{The ExploitationFactorsType complex type points out conditions or factors that could increase the likelihood of exploit for this weakness.}
#'    \item{Common_Consequences}{The CommonConsequencesType complex type is used to specify individual consequences associated with a weakness. The required Scope element identifies the security property that is violated. The optional Impact element describes the technical impact that arises if an adversary succeeds in exploiting this weakness. The optional Likelihood element identifies how likely the specific consequence is expected to be seen relative to the other consequences. For example, there may be high likelihood that a weakness will be exploited to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact. The optional Note element provides additional commentary about a consequence.}
#'    \item{Detection_Methods}{The DetectionMethodsType complex type is used to identify methods that may be employed to detect this weakness, including their strengths and limitations. The required Method element identifies the particular detection method being described. The required Description element is intended to provide some context of how this method can be applied to a specific weakness. The optional Effectiveness element says how effective the detection method may be in detecting the associated weakness. This assumes the use of best-of-breed tools, analysts, and methods. There is limited consideration for financial costs, labor, or time. The optional Effectiveness_Notes element provides additional discussion of the strengths and shortcomings of this detection method.}
#'    \item{Potential_Mitigations}{The PotentialMitigationsType complex type is used to describe potential mitigations associated with a weakness. It contains one or more Mitigation elements, which each represent individual mitigations for the weakness. The Phase element indicates the development life cycle phase during which this particular mitigation may be applied. The Strategy element describes a general strategy for protecting a system to which this mitigation contributes. The Effectiveness element summarizes how effective the mitigation may be in preventing the weakness. The Description element contains a description of this individual mitigation including any strengths and shortcomings of this mitigation for the weakness.}
#'    \item{Observed_Examples}{The ObservedExampleType complex type specifies references to a specific observed instance of a weakness in real-world software. Typically this will be a CVE reference. Each Observed_Example element represents a single example. The optional Reference element should contain the identifier for the example being cited. For example, if a CVE is being cited, it should be of the standard CVE identifier format, such as CVE-2005-1951 or CVE-1999-0046. The required Description element should contain a product-independent description of the example being cited. The description should present an unambiguous correlation between the example being described and the weakness that it is meant to exemplify. It should also be short and easy to understand. The Link element should provide a valid URL where more information regarding this example can be obtained.}
#'    \item{Functional_Areas}{The FunctionalAreasType complex type contains one or more functional_area elements, each of which identifies the functional area of the software in which the weakness is most likely to occur. For example, CWE-23: Relative Path Traversal may occur in functional areas of software related to file processing. Each applicable functional area should have a new Functional_Area element, and standard title capitalization should be applied to each area.}
#'    \item{Affected_Resources}{The AffectedResourcesType complex type is used to identify system resources that can be affected by an exploit of this weakness. If multiple resources could be affected, then each should be defined by its own Affected_Resource element.}
#'    \item{Taxonomy_Mappings}{The TaxonomyMappingsType complex type is used to provide a mapping from an entry (Weakness or Category) in CWE to an equivalent entry in a different taxonomy. The required Taxonomy_Name attribute identifies the taxonomy to which the mapping is being made. The Entry_ID and Entry_Name elements identify the ID and name of the entry which is being mapped. The Mapping_Fit element identifies how close the CWE is to the entry in the taxonomy.}
#'    \item{Related_Attack_Patterns}{The RelatedAttackPatternsType complex type contains references to attack patterns associated with this weakness. The association implies those attack patterns may be applicable if an instance of this weakness exists. Each related attack pattern is identified by a CAPEC identifier.}
#' }
#'
#' @docType data
#'
#' @name cwes.sample
#'
#' @usage data(cwes.sample)
#'
#' @format A data frame with 100 rows and 17 columns.
#'
#' @keywords cwe
#'
#' @source \url{http://cwe.mitre.org/about/faq.html}
"cwes.sample"
r-net-tools/net-security documentation built on Jan. 21, 2018, 8:55 p.m.