Category: SFP Secondary Cluster: Implementation

Incomplete
Summary

This category identifies Software Fault Patterns (SFPs) within the Implementation cluster.

Membership
| ID | Name | Description |
|---|---|---|
| CWE-358 | Improperly Implemented Security Check for Standard | The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique. |
| CWE-623 | Unsafe ActiveX Control Marked Safe For Scripting | An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting. |
| CWE-710 | Improper Adherence to Coding Standards | The product does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |
| CWE-398 | 7PK - Code Quality | This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that do not directly introduce a weakness or vulnerability, but indicate that the product has not been carefully developed or maintained. According to the authors of the Seven Pernicious Kingdoms, "Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an adversary it provides an opportunity to stress the system in unexpected ways." |

Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.