CWE-1357: Reliance on Insufficiently Trustworthy Component
Description
Extended Description
Technical Details
- Structure: Simple
- Vulnerability Mapping: ALLOWED
Applicable To
Security Consequences
Scope: Other
Impact: Reduce Maintainability
Mitigation Strategies
- For each component, ensure that its supply chain is well-controlled, with sub-tier suppliers using best practices. For third-party software components such as libraries, ensure that they are developed and actively maintained by reputable vendors.
- Maintain a Bill of Materials for all components and sub-components of the product. For software, maintain a Software Bill of Materials (SBOM). According to [REF-1247], "An SBOM is a formal, machine-readable inventory of software components and dependencies, information about those components, and their hierarchical relationships."
- Continue to monitor changes in each of the product's components, especially when the changes indicate new vulnerabilities, end-of-life (EOL) plans, supplier practices that affect trustworthiness, etc.
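The three mitigations above form one procedure: know what you ship (SBOM), check each component against the supplier and vulnerability information you have, and keep re-checking as that information changes. The following is an added example, not code from the CWE entry or from MITRE, that walks a CycloneDX-style SBOM (including nested sub-tier components) and flags components that are known-vulnerable, past their end-of-life date, apparently unmaintained, or missing from the supplier inventory. The SBOM, advisory IDs, supplier records, dates and the two-year staleness threshold are all constructed for illustration and are not real data or a real policy.

```python
from __future__ import annotations
import json
from datetime import date

# Constructed CycloneDX-style SBOM. Component names, versions and purls are
# hypothetical and chosen only to exercise the checks below.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "fastjsonlib", "version": "2.3.1",
     "purl": "pkg:pypi/fastjsonlib@2.3.1"},
    {"type": "library", "name": "legacy-crypto", "version": "0.9.7",
     "purl": "pkg:pypi/legacy-crypto@0.9.7"},
    {"type": "library", "name": "httpkit", "version": "5.1.0",
     "purl": "pkg:pypi/httpkit@5.1.0",
     "components": [
       {"type": "library", "name": "urlparse2", "version": "1.0.2",
        "purl": "pkg:pypi/urlparse2@1.0.2"}
     ]}
  ]
}
"""

# Constructed advisory feed (hypothetical IDs): versions strictly below
# "fixed_in" are affected.
ADVISORIES = {
    "fastjsonlib": {"id": "ADV-0001", "fixed_in": "2.4.0"},
    "urlparse2": {"id": "ADV-0002", "fixed_in": "1.0.2"},
}

# Constructed supplier metadata (hypothetical): announced EOL date, if any,
# and the date of the most recent release.
SUPPLIER_INFO = {
    "fastjsonlib": {"eol": None, "last_release": "2024-03-01"},
    "legacy-crypto": {"eol": "2023-01-01", "last_release": "2019-06-12"},
    "httpkit": {"eol": None, "last_release": "2024-05-20"},
    "urlparse2": {"eol": None, "last_release": "2024-02-02"},
}

STALE_DAYS = 730  # policy choice for this example: no release in two years counts as unmaintained


def parse_version(version: str) -> tuple[int, ...]:
    """Turn a dotted numeric version into a comparable tuple, e.g. "2.3.1" -> (2, 3, 1)."""
    return tuple(int(part) for part in version.split("."))


def walk_components(components: list[dict], parent: str | None = None):
    """Yield (component, parent_name) for every component, descending into
    nested CycloneDX 'components' so sub-tier dependencies are covered too."""
    for comp in components:
        yield comp, parent
        yield from walk_components(comp.get("components", []), comp["name"])


def audit_sbom(sbom_json: str, advisories: dict, supplier_info: dict, today: str) -> list[dict]:
    """Check every SBOM component for known vulnerabilities, end-of-life,
    stale maintenance and missing supplier records. Returns a list of findings."""
    sbom = json.loads(sbom_json)
    today_d = date.fromisoformat(today)
    findings: list[dict] = []

    def add(comp: dict, parent: str | None, issue: str, detail: str) -> None:
        findings.append({"component": comp["name"], "version": comp["version"],
                         "parent": parent, "issue": issue, "detail": detail})

    for comp, parent in walk_components(sbom["components"]):
        name = comp["name"]
        adv = advisories.get(name)
        if adv and parse_version(comp["version"]) < parse_version(adv["fixed_in"]):
            add(comp, parent, "vulnerable", f'{adv["id"]} (fixed in {adv["fixed_in"]})')
        info = supplier_info.get(name)
        if info is None:
            # A component with no supplier record cannot be judged trustworthy at all.
            add(comp, parent, "unknown-supplier", "no supplier record for this component")
            continue
        if info["eol"] and date.fromisoformat(info["eol"]) <= today_d:
            add(comp, parent, "eol", f'end-of-life since {info["eol"]}')
        age = (today_d - date.fromisoformat(info["last_release"])).days
        if age > STALE_DAYS:
            add(comp, parent, "stale", f"last release {age} days ago")
    return findings


if __name__ == "__main__":
    for f in audit_sbom(SBOM_JSON, ADVISORIES, SUPPLIER_INFO, "2024-06-01"):
        where = f" (via {f['parent']})" if f["parent"] else ""
        print(f"{f['issue']:16} {f['component']}=={f['version']}{where}: {f['detail']}")
```

Run against the constructed inputs with a "today" of 2024-06-01, the audit reports fastjsonlib as vulnerable and legacy-crypto as both end-of-life and stale, while the sub-tier urlparse2 is visited (with httpkit recorded as its parent) and passes because it is already at the fixed version. In a real pipeline the advisory feed and supplier records would be refreshed on a schedule, which is what the third mitigation (continuous monitoring) amounts to in practice; the version comparison here is deliberately simple and a production check would use the ecosystem's own version semantics.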
Detection Methods
No detection method information available for this CWE.
Code Examples & CVEs
No examples or observed CVEs available for this CWE.
CWE Relationships
Frequently Asked Questions
What is CWE-1357: Reliance on Insufficiently Trustworthy Component?
CWE-1357: Reliance on Insufficiently Trustworthy Component is a Common Weakness Enumeration (CWE) entry maintained by MITRE. It covers products that are built on a component, such as a third-party library or a supplied hardware part, whose supply chain, vendor practices or ongoing maintenance are not trustworthy enough for the product's needs.
What are the security consequences of CWE-1357: Reliance on Insufficiently Trustworthy Component?
The consequence recorded for CWE-1357 is an impact of Reduce Maintainability, with scope Other. The weakness does not by itself give an attacker a specific capability; rather, an untrustworthy component is harder to patch, replace or verify, so vulnerabilities, end-of-life status and poor supplier practices in that component persist in the product.
How do you prevent or mitigate CWE-1357: Reliance on Insufficiently Trustworthy Component?
Three mitigations are listed for CWE-1357: control the supply chain of each component (including sub-tier suppliers) and use third-party software only from reputable, actively maintaining vendors; maintain a Bill of Materials for all components and sub-components, which for software means a Software Bill of Materials (SBOM) as defined in [REF-1247]; and keep monitoring each component for changes such as new vulnerabilities, end-of-life (EOL) plans and supplier practices that affect trustworthiness.
Which programming languages are affected by CWE-1357: Reliance on Insufficiently Trustworthy Component?
CWE-1357 is not tied to any particular programming language; the applicable-platform category recorded for it on this page is Architectures. The weakness is a supply-chain pattern that applies to any product assembled from hardware or software components, so the mitigations above apply regardless of language.
What is the difference between a CWE and a CVE?
A CWE (Common Weakness Enumeration) like CWE-1357 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.