Equivalence partition testing is a test case design technique in which test cases are designed using representatives from equivalence classes. An equivalence class (or partition) is a portion of the component's input or output domain for which, based on the component specification, the component's behavior is assumed to be the same. In equivalence partition testing, test cases are designed to cover each class at least once, thereby reducing the total number of test cases that must be developed and executed.

Boundary value analysis is a test case design technique in which test cases are designed using representatives of boundary values. A boundary value is an input value or output value that is on the boundary between equivalence classes, or an incremental distance on either side of the boundary.

CWE has different views for different audiences and purposes. In the early stages of development, CWE had only one hierarchical representation, from which the current Development Concepts View (or Development View) originated. CWE is currently organized in two main views: Development Concepts (CWE-699), and Research Concepts (CWE-1000).

The Development View organizes weaknesses based on concepts frequently used in software development, and most of its categories and groups build upon well-known past taxonomies. However, the lack of mutual exclusivity and the large number of categories and groups made maintenance difficult and led to several inconsistencies being accidentally introduced during its evolution.

We are currently engaged in the CWE Compatibility and Effectiveness Program and working towards fulfilling its requirements for using CWE in our own outside-in methodology for identifying and eliminating the most dangerous software errors and weaknesses in our products. The CWE Compatibility and Effectiveness Program is a formal review and evaluation process for declaring products and services as “CWE-Compatible” and “CWE-Effective.”

To understand how CWE identifiers are assigned to Red Hat vulnerabilities, you also need to understand some elements of CWE terminology. CWE identifiers—also known as CWE IDs or CWEs—are organized into four main types: Category, Compound Element, View, and Weakness.
