| Operations | Definition |
| Cast | Explicitly convert the value of an object to another data type. |
| Coerce | Implicitly (forced by the Type System) convert the value of a passed in/out argument or the return into the corresponding parameter or return data type. (Type Coercion is known also as Type Juggling. |
| Operands | Definition |
| Name | The declared identifier for an entity. |
| Data | The data value of an object -- stored in object's memory. |
| Type | The data type of an object -- the set of allowed values (e.g., char is within [-128, 127]) and the operations allowed over them (e.g., +, *, mod). |
| Causes | Definition |
| Code Defect Bug | The operation has a bug, which is the first cause for the chain of weaknesses underlying a software security vulnerability. The bug must be fixed to resolve the vulnerability. |
| Wrong Code | An inappropriate data type is specified; or an inappropriate function/operator is used. |
| Missing Code | The entire operation implementation or a part of its specification is absent. |
| Name Fault | The resolved name is wrong. |
| Wrong Object Resolved | zzzxxx Object is resolved from wrong scope. |
| Wrong Object Type Resolved | zzzxxx Object is resolved from wrong scope, so its data type might be wrong (xxx parent vs child type). |
| Missing Overloaded Function | Code for particular function parameters' data types is absent. |
| Data Fault | The object data has harmed semantics or inconsistent or wrong value |
| Under Range | Data value is smaller than type's lower range. |
| Over Range | Data value is larger than type's upper range. |
| Flipped Sign | Sign bit is overwritten from type related calculation. |
| Type Fault | The set or range of allowed values is wrong or the operations allowed on them are wrong. |
| Wrong Type | A data type range or structure is not correct. |
| Mismatched Argument | An argument is not of the paraneter data type. |
| Consequences | Definition |
| Type Error | The set or range of allowed values is wrong or the operations allowed on them are wrong. |
| Wrong Type | A data type range or structure is not correct. |
| Data Error | The object data has harmed semantics or inconsistent or wrong value |
| Wrong Value | Data value is not accurate value (e.g., outside of a range). |
| Flipped Sign | Sign bit is overwritten from type related calculation. |
| Truncated Value | Rightmost bits of value that won’t fit type size are cut off. |
| Distorted Value | Incorrect value (although fits type size) due to sign flip or signed/unsigned and vice versa conversions. |
| Rounded Value | Real number value precision loss. |
| Operations Attributes | Definition |
| Mechanism | Shows how the buggy/faulty operation code is performed. |
| Pass In | Supplying "in" arguments' data values to a function/ operator. |
| Pass Out | Supplying "out" or "in/out" arguments' data values or a return value to a function/ operator. |
| Source Code | Shows where the buggy/faulty operation code is in the program -- in what kind of software. |
| Codebase | The operation is in the programmer's code - in the application itself. |
| Third-Party | The operation is in a third-party software. |
| Standard Library | The operation is in the standard library for a particular programming language. |
| Compiler/Interpreter | The operation is in the language processor that allows execution or creates executables (compiler, assembler, interpreter). |
| Execution Space | Shows where the buggy/faulty operation code is running or with what privilege level). |
| Local | The bugged code runs in an environment with access control policy with limited (local user) permission. |
| Admin | The bugged code runs in an environment with access control policy with unlimited (admin user) permission. |
| Bare-Metal | The bugged code runs in an environment without privilege control. Usually, the program is the only software running and has total access to the hardware. |
| Operands Attributes | Definition |
| Name State | Shows at what stage the entity name is. |
| Resolved | The name scope is known to the Type System. |
| Bound | The name is linked to a declared (or inferred) data type, a defined object's data, or a called function implementation. |
| Data Kind | Shows what the data value is. |
| Numeric | A number -- a sequence of digits. |
| Text | A string -- a sequence of symbols. |
| Pointer | A holder of the memory address of an object. |
| Boolean | A truth/falcity value -- true or false; 1 or 0. |
| Type Kind | Shows what the data type composition is. |
| Primitive | A scalar data type that mimics the hardware units - e.g., int (long, short, signed), float, double, string, Boolean. A primitive data type is only language defined and is not built from other data types. |
| Structure | A composite data type - e.g., array, list, map, class. A structured data type is built from other data types and has primitive or structured members. |
