CWE
Home > CWE List > CWE- Individual Dictionary Definition (1.6)  

CWE-398: Indicator of Poor Code Quality

 
Indicator of Poor Code Quality
Weakness ID: 398 (Weakness Class)Status: Draft
+ Description

Description Summary

The code has features that do not directly introduce a weakness or vulnerability, but indicate that the product has not been carefully developed or maintained.

Extended Description

Programs are more likely to be secure when good development practices are followed. If a program is complex, difficult to maintain, not portable, or shows evidence of neglect, then there is a higher likelihood that weaknesses are buried in the code.

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory18Source Code
Development Concepts (primary)699
ChildOfWeakness ClassWeakness Class710Coding Standards Violation
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant107Struts: Unused Validation Form
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant110Struts: Validator Without Form Field
Research Concepts (primary)1000
ParentOfCategoryCategory399Resource Management Errors
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base401Failure to Release Memory Before Removing Last Reference ('Memory Leak')
Seven Pernicious Kingdoms (primary)700
ParentOfWeakness BaseWeakness Base404Improper Resource Shutdown or Release
Development Concepts699
Seven Pernicious Kingdoms (primary)700
ParentOfWeakness VariantWeakness Variant415Double Free
Seven Pernicious Kingdoms (primary)700
ParentOfWeakness BaseWeakness Base416Use After Free
Seven Pernicious Kingdoms (primary)700
ParentOfWeakness VariantWeakness Variant457Use of Uninitialized Variable
Seven Pernicious Kingdoms (primary)700
ParentOfWeakness BaseWeakness Base474Use of Function with Inconsistent Implementations
Development Concepts (primary)699
Seven Pernicious Kingdoms (primary)700
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base475Undefined Behavior for Input to API
Development Concepts (primary)699
Seven Pernicious Kingdoms (primary)700
ParentOfWeakness BaseWeakness Base476NULL Pointer Dereference
Development Concepts (primary)699
Seven Pernicious Kingdoms (primary)700
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base477Use of Obsolete Functions
Development Concepts (primary)699
Seven Pernicious Kingdoms (primary)700
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant478Missing Default Case in Switch Statement
Development Concepts (primary)699
ParentOfWeakness VariantWeakness Variant479Unsafe Function Call from a Signal Handler
Development Concepts (primary)699
ParentOfWeakness VariantWeakness Variant483Incorrect Block Delimitation
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base484Omitted Break Statement in Switch
Development Concepts (primary)699
Research Concepts1000
ParentOfWeakness VariantWeakness Variant546Suspicious Comment
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant547Use of Hard-coded, Security-relevant Constants
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant561Dead Code
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base562Return of Stack Variable Address
Development Concepts (primary)699
Research Concepts1000
ParentOfWeakness VariantWeakness Variant563Unused Variable
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfCategoryCategory569Expression Issues
Development Concepts (primary)699
ParentOfWeakness VariantWeakness Variant585Empty Synchronized Block
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant586Explicit Call to Finalize()
Development Concepts (primary)699
ParentOfWeakness VariantWeakness Variant617Reachable Assertion
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base676Use of Potentially Dangerous Function
Development Concepts (primary)699
Research Concepts (primary)1000
MemberOfViewView700Seven Pernicious Kingdoms
Seven Pernicious Kingdoms (primary)700
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
7 Pernicious KingdomsCode Quality
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
7 Pernicious KingdomsExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Description, Relationships, Taxonomy Mappings
2009-10-29CWE Content TeamMITREInternal
updated Relationships
Back to top
Page Last Updated: October 29, 2009
 

CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security.

This Web site is hosted by The MITRE Corporation.
Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation.

Contact cwe@mitre.org for more information.
Privacy policy
Terms of use
Contact us