CWE-1059 – Insufficient Technical Documentation

Description

The product does not contain sufficient technical or engineering documentation (whether on paper or in electronic form) that contains descriptions of all the relevant software/hardware elements of the product, such as its usage, structure, architectural components, interfaces, design, implementation, configuration, operation, etc.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-710

 

Consequences

Other: Varies by Context, Hide Activities, Reduce Reliability, Quality Degradation, Reduce Maintainability

Without a method of verification, one cannot be sure that everything functions only as expected.

 

Potential Mitigations

Phase: Documentation, Architecture and Design

Description: Ensure that design documentation is detailed enough to allow for post-manufacturing verification.

CVE References

CWE-1058 – Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element

Description

The code contains a function or method that operates in a multi-threaded environment but owns an unsafe non-final static storable or member data element.

Modes of Introduction:

 

 

Related Weaknesses

CWE-662

 

Consequences

Other: Reduce Reliability

 

Potential Mitigations

CVE References

CWE-1057 – Data Access Operations Outside of Expected Data Manager Component

Description

The software uses a dedicated, central data manager component as required by design, but it contains code that performs data-access operations that do not use this data manager.

Modes of Introduction:

 

 

Related Weaknesses

CWE-1061

 

Consequences

Other: Reduce Performance

 

Potential Mitigations

CVE References

CWE-1054 – Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer

Description

The code at one architectural layer invokes code that resides at a deeper layer than the adjacent layer, i.e., the invocation skips at least one layer, and the invoked code is not part of a vertical utility layer that can be referenced from any horizontal layer.

Modes of Introduction:

 

 

Related Weaknesses

CWE-1061

 

Consequences

Other: Reduce Maintainability

 

Potential Mitigations

CVE References

CWE-1050 – Excessive Platform Resource Consumption within a Loop

Description

The software has a loop body or loop condition that contains a control element that directly or indirectly consumes platform resources, e.g. messaging, sessions, locks, or file descriptors.

Modes of Introduction:

 

 

Related Weaknesses

CWE-405

 

Consequences

Other: Reduce Performance

 

Potential Mitigations

CVE References
