"Common Consequences" element question


Mingyue Zhu
Hello,
 
If I want to know the potential result that a weakness would lead to, I think I should check the weakness's "Common Consequences" element. Here is my question about "Common Consequences".
 
1. There are two parts in the "Common Consequences" element. One is "Consequence Scope". It describes the abstract impact produced by a weakness, and it has seven values. The other part is "Consequence Effect". It describes the technical impact, and it has 21 values. Is there a specific mapping between these two parts? For example, "Read memory" in "Effect" maps to "Confidentiality" in "Scope". If there are some rules, where can I get them?
 
2. Is there another way I can get the damage information that is produced by a weakness?
 
3. I found some accidental omissions. In CWE-768 and CWE-782, there's no exact technical impact mapping in "Consequence Effect". In CWE-843, there's no "Common Consequences" element.
 
Thanks,
 
--
 
Mingyue Zhu