Skip to main content

Table 3 Common weakness enumeration used in Sifu challenges

From: Sifu - a cybersecurity awareness platform with challenge assessment and intelligent coach

CWE Ref. Related SCG Description
CWE-14 (MITRE 2020a) MSC06-C Compiler Removal of Code to Clear Buffers
CWE-77 (MITRE 2020b) ENV33-C Improper Neutralization of Special Elements used in a Command
CWE-121 (MITRE 2020c) ARR38-C STR31-C Stack-based Buffer Overflow
CWE-242 (MITRE 2020d) POS33-C Use of Inherently Dangerous Function
CWE-338 (MITRE 2020e) MSC30-C Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CWE-676 (MITRE 2020f) CON33-C ENV33-C  
   ERR07-C ERR34-C Use of Potentially Dangerous Function
   FIO01-C MSC30-C  
   STR31-C  
CWE-758 (MITRE 2020g) ARR32-C ERR34-C  
   EXP30-C EXP33-C  
   FIO46-C INT34-C Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
   INT36-C MEM30-C  
   MSC14-C MSC15-C  
   MSC37-C  
  1. CWE: Common Weakness Enumeration, SCG.: SEI-CERT Secure Coding Guideline