Abstraction: Class · Status: Incomplete

CWE-1357: Reliance on Insufficiently Trustworthy Component

Category: other

Description

The product is built from multiple separate components, but it uses a component that is not sufficiently trusted to meet expectations for security, reliability, updateability, and maintainability.

Common consequences · 1

  • Scope: Other · Impact: Reduce Maintainability

Potential mitigations · 3

  • [Requirements, Architecture and Design, Implementation] For each component, ensure that its supply chain is well-controlled with sub-tier suppliers using best practices. For third-party software components such as libraries, ensure that they are developed and actively maintained by reputable vendors.
  • [Architecture and Design, Implementation, Integration, Manufacturing] Maintain a Bill of Materials for all components and sub-components of the product. For software, maintain a Software Bill of Materials (SBOM). According to [REF-1247], "An SBOM is a formal, machine-readable inventory of software components and dependencies, information about those components, and their hierarchical relationships."
  • [Operation, Patching and Maintenance] Continue to monitor changes in each of the product's components, especially when the changes indicate new vulnerabilities, end-of-life (EOL) plans, supplier practices that affect trustworthiness, etc.
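The second and third mitigations above (keep a machine-readable SBOM with its hierarchical relationships, then keep checking each component against supplier trust and end-of-life information) can be put to work in a small script. The following is an added example, not part of the CWE entry or MITRE's material: it walks a constructed SBOM laid out in the shape of a CycloneDX JSON document and reports every reachable component whose supplier is unrecorded or not on an assumed vetted-supplier list, or whose name and version appear in an assumed end-of-life register. The component names, suppliers, dates and both policy lists are made up for illustration.

```python
"""Walk a CycloneDX-style SBOM and flag components whose supplier or support
status falls short of a trust policy (CWE-1357 mitigations 2 and 3).

Added example: the SBOM below is constructed for illustration and the
policy lists are assumptions, not data from the CWE entry."""
from __future__ import annotations

from datetime import date

# Constructed SBOM in the shape of a CycloneDX JSON document (bomFormat,
# components, dependencies). Names, versions and suppliers are made up.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "metadata": {"component": {"bom-ref": "app", "name": "example-app", "version": "1.0.0"}},
    "components": [
        {"bom-ref": "lib-a", "type": "library", "name": "http-client", "version": "4.2.0",
         "supplier": {"name": "Acme OSS Foundation"}},
        {"bom-ref": "lib-b", "type": "library", "name": "legacy-xml", "version": "0.9.1",
         "supplier": {"name": "Unknown Mirror"}},
        # A transitive component with no supplier recorded at all.
        {"bom-ref": "lib-c", "type": "library", "name": "tls-shim", "version": "2.0.0"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["lib-a", "lib-b"]},
        {"ref": "lib-a", "dependsOn": ["lib-c"]},
        {"ref": "lib-b", "dependsOn": []},
        {"ref": "lib-c", "dependsOn": []},
    ],
}

# Assumed trust policy: suppliers the organisation has vetted, and a
# constructed end-of-life register keyed by (component name, version).
TRUSTED_SUPPLIERS = {"Acme OSS Foundation"}
EOL_REGISTER = {("legacy-xml", "0.9.1"): date(2023, 1, 31)}


def dependency_paths(sbom: dict, root: str | None = None) -> dict[str, list[str]]:
    """Return, for every bom-ref reachable from the root component, the chain
    of refs leading to it. Keeping the SBOM's hierarchical relationships lets
    a finding say through which direct dependency a transitive component
    arrived, which is what the remediation owner needs to know."""
    edges = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    root = root or sbom["metadata"]["component"]["bom-ref"]
    paths: dict[str, list[str]] = {}
    stack = [(root, [root])]
    while stack:
        ref, path = stack.pop()
        for child in edges.get(ref, []):
            if child in paths:  # already reached; also guards against cycles
                continue
            paths[child] = path + [child]
            stack.append((child, path + [child]))
    return paths


def assess_components(sbom: dict, today: date) -> list[dict]:
    """Apply the trust policy to every reachable component and return one
    finding per problem: missing entry, no supplier, unvetted supplier, EOL."""
    by_ref = {c["bom-ref"]: c for c in sbom.get("components", [])}
    findings: list[dict] = []
    for ref, path in dependency_paths(sbom).items():
        comp = by_ref.get(ref)
        if comp is None:
            findings.append({"ref": ref, "issue": "listed in dependencies but missing from components", "path": path})
            continue
        supplier = comp.get("supplier", {}).get("name")
        if supplier is None:
            findings.append({"ref": ref, "issue": "no supplier recorded", "path": path})
        elif supplier not in TRUSTED_SUPPLIERS:
            findings.append({"ref": ref, "issue": f"supplier not vetted: {supplier}", "path": path})
        eol = EOL_REGISTER.get((comp["name"], comp["version"]))
        if eol is not None and eol <= today:
            findings.append({"ref": ref, "issue": f"end-of-life since {eol.isoformat()}", "path": path})
    return findings


if __name__ == "__main__":
    for f in assess_components(SAMPLE_SBOM, date(2024, 6, 1)):
        print(f"{f['ref']}: {f['issue']} (via {' -> '.join(f['path'])})")
```

Run against the constructed SBOM on 2024-06-01 it reports three findings: legacy-xml for an unvetted supplier and for being past its EOL date, and tls-shim (pulled in through http-client) for having no supplier recorded. In practice the same walk would be fed a real SBOM exported by the build and a supplier list and EOL register maintained by the organisation, and it would run on every dependency change rather than once.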

References

  1. https://cwe.mitre.org/data/definitions/1357.html

Incoming relations · 1

  Type           Target           Confidence   Tier
  Vulnerability  CVE-2025-32800   0%           live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Dependency on Vulnerable Third-Party Component
  • CWE: Use of Unmaintained Third Party Components
  • CWE: Reliance on Component That is Not Updateable
  • CWE: Use of Less Trusted Source
  • CWE: Weak Authentication
  • CWE: Insufficiently Protected Credentials

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.