CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE Individual Dictionary Definition (2.7)

CWE-398: Indicator of Poor Code Quality

 
Weakness ID: 398 (Weakness Class)
Status: Draft
Description

Description Summary

The code has features that do not directly introduce a weakness or vulnerability, but indicate that the product has not been carefully developed or maintained.

Extended Description

Programs are more likely to be secure when good development practices are followed. If a program is complex, difficult to maintain, not portable, or shows evidence of neglect, then there is a higher likelihood that weaknesses are buried in the code.

Time of Introduction
  • Architecture and Design
  • Implementation
Common Consequences

| Scope | Effect |
|---|---|
| | Technical Impact: Quality degradation |

Relationships

| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ChildOf | Category | 18 | Source Code | Development Concepts (primary) 699 |
| ChildOf | Weakness Class | 710 | Coding Standards Violation | Research Concepts (primary) 1000 |
| ChildOf | Category | 907 | SFP Cluster: Other | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 107 | Struts: Unused Validation Form | Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 110 | Struts: Validator Without Form Field | Research Concepts (primary) 1000 |
| ParentOf | Category | 399 | Resource Management Errors | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 401 | Improper Release of Memory Before Removing Last Reference ('Memory Leak') | Seven Pernicious Kingdoms (primary) 700 |
| ParentOf | Weakness Base | 404 | Improper Resource Shutdown or Release | Development Concepts 699; Seven Pernicious Kingdoms (primary) 700 |
| ParentOf | Weakness Variant | 415 | Double Free | Seven Pernicious Kingdoms (primary) 700 |
| ParentOf | Weakness Base | 416 | Use After Free | Seven Pernicious Kingdoms (primary) 700 |
| ParentOf | Weakness Variant | 457 | Use of Uninitialized Variable | Seven Pernicious Kingdoms (primary) 700 |
| ParentOf | Weakness Base | 474 | Use of Function with Inconsistent Implementations | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700; Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 475 | Undefined Behavior for Input to API | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700 |
| ParentOf | Weakness Base | 476 | NULL Pointer Dereference | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700; Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 477 | Use of Obsolete Functions | Development Concepts (primary) 699; Seven Pernicious Kingdoms (primary) 700; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 478 | Missing Default Case in Switch Statement | Development Concepts (primary) 699 |
| ParentOf | Weakness Variant | 483 | Incorrect Block Delimitation | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 484 | Omitted Break Statement in Switch | Development Concepts (primary) 699; Research Concepts 1000 |
| ParentOf | Weakness Variant | 546 | Suspicious Comment | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 547 | Use of Hard-coded, Security-relevant Constants | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 561 | Dead Code | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 562 | Return of Stack Variable Address | Development Concepts (primary) 699; Research Concepts 1000 |
| ParentOf | Weakness Variant | 563 | Assignment to Variable without Use ('Unused Variable') | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Category | 569 | Expression Issues | Development Concepts (primary) 699 |
| ParentOf | Weakness Variant | 585 | Empty Synchronized Block | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 586 | Explicit Call to Finalize() | Development Concepts (primary) 699 |
| ParentOf | Weakness Variant | 617 | Reachable Assertion | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 676 | Use of Potentially Dangerous Function | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| MemberOf | View | 700 | Seven Pernicious Kingdoms | Seven Pernicious Kingdoms (primary) 700 |
Taxonomy Mappings

| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
|---|---|---|---|
| 7 Pernicious Kingdoms | | | Code Quality |
Content History

Submissions

| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| | | | Externally Mined |

Modifications

| Modification Date | Modifier | Organization | Source | Comment |
|---|---|---|---|---|
| 2008-07-01 | | Cigital | External | updated Time_of_Introduction |
| 2008-09-08 | | MITRE | Internal | updated Description, Relationships, Taxonomy_Mappings |
| 2009-10-29 | | MITRE | Internal | updated Relationships |
| 2010-12-13 | | MITRE | Internal | updated Relationships |
| 2011-06-01 | | MITRE | Internal | updated Common_Consequences |
| 2011-06-27 | | MITRE | Internal | updated Common_Consequences |
| 2012-05-11 | | MITRE | Internal | updated Relationships |

Previous Entry Names

| Change Date | Previous Entry Name |
|---|---|
| 2008-04-11 | Code Quality |

Page Last Updated: June 23, 2014