CWE - CWE-398: Indicator of Poor Code Quality (Draft 9)

Home > CWE List > CWE-398 Individual Dictionary Definition (Draft 9)

CWE List
Full Dictionary View
Classification Tree
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

Section Contents
CWE List
Full Dictionary View
Classification Tree
Reports
Other Items of Interest
Sources

Key
- Weakness
- Base
- Variant
- Class
- Chain
- Composite
- Category
- View
- Deprecated

CWE-398 Individual Dictionary Definition (Draft 9)

Weakness ID

Status: Draft

398 (Weakness Class)

Description

Summary

The code has features that do not directly introduce a weakness or vulnerability, but indicate that the product has not been carefully developed or maintained.

Extended Description

Programs are more likely to be secure when good development practices are followed. If a program is complex, difficult to maintain, not portable, or shows evidence of neglect, then there is a higher likelihood that weaknesses are buried in the code.

Relationships

Nature	Type	ID	Name
ChildOf	Category	18	Source Code
ParentOf	Category	399	Resource Management Errors
ParentOf	Category	417	Channel and Path Errors
ParentOf	Category	429	Handler Errors
ParentOf	Category	445	User Interface Errors
ParentOf	Category	452	Initialization and Cleanup Errors
ParentOf	Category	461	Data Structure Issues
ParentOf	Category	465	Pointer Issues
ParentOf	Category	569	Expression Issues
ParentOf	Weakness Base	344	Use of Invariant Value in Dynamically Changing Context
ParentOf	Weakness Class	435	Interaction Error
ParentOf	Weakness Base	470	Use of Externally-Controlled Input to Select Classes or Code (aka 'Unsafe Reflection')
ParentOf	Weakness Base	471	Modification of Assumed-Immutable Data (MAID)
ParentOf	Weakness Base	474	Use of Function with Inconsistent Implementations
ParentOf	Weakness Base	476	NULL Pointer Dereference
ParentOf	Weakness Base	477	Use of Obsolete Functions
ParentOf	Weakness Variant	478	Failure to Use Default Case in Switch
ParentOf	Weakness Variant	479	Unsafe Function Call from a Signal Handler
ParentOf	Weakness Variant	483	Incorrect Block Delimitation
ParentOf	Weakness Base	484	Omitted Break Statement
ParentOf	Weakness Variant	546	Suspicious Comment
ParentOf	Weakness Variant	547	Use of Hard-coded, Security-relevant Constants
ParentOf	Weakness Variant	561	Dead Code
ParentOf	Weakness Base	562	Return of Stack Variable Address
ParentOf	Weakness Variant	563	Unused Variable
ParentOf	Weakness Variant	580	clone() Method Without super.clone()
ParentOf	Weakness Variant	585	Empty Synchronized Block
ParentOf	Weakness Base	595	Incorrect Syntactic Object Comparison
ParentOf	Weakness Base	596	Incorrect Semantic Object Comparison
ParentOf	Weakness Variant	606	Unchecked Input for Loop Condition
ParentOf	Weakness Variant	623	Unsafe ActiveX Control Marked Safe For Scripting

Source Taxonomies

7 Pernicious Kingdoms - Code Quality

Page Last Updated: April 22, 2008


	CWE is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2008, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us