2021年12月12日05:44:47评论74 views字数 763阅读2分32秒阅读模式

Category-398: 7PK-代码质量

ID: 398
Status: Draft

Summary

This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that do not directly introduce a weakness or vulnerability, but indicate that the product has not been carefully developed or maintained. According to the authors of the Seven Pernicious Kingdoms, "Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an adversary it provides an opportunity to stress the system in unexpected ways."

Membership

ID	NAME
CWE-401	在移除最后引用时对内存的释放不恰当（内存泄露）
CWE-404	不恰当的资源关闭或释放
CWE-415	双重释放
CWE-416	释放后使用
CWE-457	使用未经初始化的变量
CWE-474	使用具有不一致性实现的函数
CWE-475	从输入到API的未定义行为
CWE-476	空指针解引用
CWE-477	对废弃函数的使用

References

REF-6 Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors

文章来源于互联网:scap中文网

左青龙
微信扫一扫

右白虎
微信扫一扫

Category-398: 7PK-代码质量

Category-398: 7PK-代码质量

Summary

Membership

References

View-999: Weaknesses without Software Fault Patterns

View-884: CWE Cross-section

View-868: Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)

View-844: Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)

View-809: Weaknesses in OWASP Top Ten (2010)

View-800: Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors

View-750: Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors

View-734: Weaknesses Addressed by the CERT C Secure Coding Standard (2008)

View-711: Weaknesses in OWASP Top Ten (2004)

View-709: Named Chains

发表评论

在线咨询

微信