Base · Draft

CWE-223: Omission of Security-relevant Information

Category: other

Description

The product does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is safe.

Common consequences · 1

  • Non-Repudiation — Hide Activities
    The source of an attack will be difficult or impossible to determine. This can allow attacks to the system to continue without notice.

References

  1. https://cwe.mitre.org/data/definitions/223.html

Compliance frameworks addressing this (incoming) · 2

Type               Target           Confidence  Tier
ComplianceControl  ai_act-art12     100%        live
ComplianceControl  owasp_top10-a09  100%        live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Information Loss or Omission
  • CWE: Missing Encryption of Sensitive Data
  • CWE: Exposure of Sensitive System Information to an Unauthorized Control Sphere
  • CWE: Insufficient Logging
  • CWE: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE: Insufficiently Protected Credentials

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.