The product does not sufficiently encapsulate critical data or
functionality.
Extended Description
Encapsulation is about drawing strong boundaries. In a web browser that
might mean ensuring that your mobile code cannot be abused by other mobile
code. On the server it might mean differentiation between validated data and
unvalidated data, between one user's data and another's, or between data
users are allowed to see and data that they are not.
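The three server-side boundaries just named can be made concrete in code. The following is an added example, not part of this CWE entry; every name in it (Tainted, Validated, validate_username, render_greeting, Principal, Profile, NoteStore, view_profile, boundary_checks) is hypothetical. It keeps unvalidated input in a distinct type that only the validator can convert, keeps one user's records from another by checking ownership inside the store rather than at each call site, and releases only the profile fields the requester is entitled to see.

```python
"""Constructed example (not from the CWE entry) of the server-side boundaries
named above. Hypothetical names: Tainted, Validated, validate_username,
render_greeting, Principal, Profile, NoteStore, view_profile, boundary_checks.
Boundaries enforced: validated vs. unvalidated data, one user's data vs.
another's, and fields a requester may see vs. fields they may not."""
from dataclasses import dataclass
import re

_USERNAME = re.compile(r"^[a-z][a-z0-9_]{2,15}$")


@dataclass(frozen=True)
class Tainted:
    """Raw input from outside the trust boundary (form field, header, query)."""
    value: str


@dataclass(frozen=True)
class Validated:
    """Input that crossed the validation boundary via validate_username()."""
    value: str


class ValidationError(ValueError): ...
class AuthorizationError(PermissionError): ...


def validate_username(raw: Tainted) -> Validated:
    """The single crossing point from the untrusted sphere into the trusted one."""
    if not isinstance(raw, Tainted):
        raise TypeError("validate_username expects Tainted input")
    if not _USERNAME.match(raw.value):
        raise ValidationError(f"rejected username {raw.value!r}")
    return Validated(raw.value)


def render_greeting(name: Validated) -> str:
    """A sink that refuses anything not explicitly validated (raw str included)."""
    if not isinstance(name, Validated):
        raise TypeError("render_greeting accepts Validated data only")
    return f"Hello, {name.value}"


@dataclass(frozen=True)
class Principal:
    user_id: int
    is_admin: bool = False


@dataclass(frozen=True)
class Profile:
    user_id: int
    display_name: str  # visible to everyone
    email: str         # visible to the owner and to admins only


def view_profile(requester: Principal, profile: Profile) -> dict:
    """Release only the fields the requester is entitled to see."""
    visible = {"user_id": profile.user_id, "display_name": profile.display_name}
    if requester.is_admin or requester.user_id == profile.user_id:
        visible["email"] = profile.email
    return visible


class NoteStore:
    """Per-user notes; the ownership check lives inside the store, not at call sites."""

    def __init__(self) -> None:
        self._notes = {}  # note_id -> (owner_id, text)

    def add(self, owner: Principal, text: str) -> int:
        note_id = len(self._notes) + 1
        self._notes[note_id] = (owner.user_id, text)
        return note_id

    def get(self, requester: Principal, note_id: int) -> str:
        owner_id, text = self._notes[note_id]
        if owner_id != requester.user_id and not requester.is_admin:
            raise AuthorizationError(f"user {requester.user_id} may not read note {note_id}")
        return text


def _rejected(exc_type, fn, *args) -> bool:
    """True if fn(*args) raises exc_type, i.e. the boundary held."""
    try:
        fn(*args)
    except exc_type:
        return True
    return False


def boundary_checks() -> dict:
    """Exercise each boundary once from both sides; every value should be True."""
    alice, bob, admin = Principal(1), Principal(2), Principal(9, is_admin=True)
    store = NoteStore()
    note = store.add(alice, "alice's private note")
    profile = Profile(1, "Alice", "alice@example.com")
    return {
        "valid input passes": validate_username(Tainted("alice_1")).value == "alice_1",
        "bad input rejected": _rejected(ValidationError, validate_username, Tainted("<script>")),
        "sink refuses raw str": _rejected(TypeError, render_greeting, "alice_1"),
        "sink refuses Tainted": _rejected(TypeError, render_greeting, Tainted("alice_1")),
        "owner reads own note": store.get(alice, note) == "alice's private note",
        "other user blocked": _rejected(AuthorizationError, store.get, bob, note),
        "admin may read": store.get(admin, note) == "alice's private note",
        "email hidden from others": "email" not in view_profile(bob, profile),
        "email shown to owner": view_profile(alice, profile)["email"] == "alice@example.com",
    }


if __name__ == "__main__":
    for check, ok in boundary_checks().items():
        print(f"{'PASS' if ok else 'FAIL'}  {check}")
```

The design point is that each boundary has exactly one crossing function and the checks live there: a sink cannot be handed a raw string by accident, a note cannot be read without the store itself consulting ownership, and a caller of view_profile cannot forget to strip the private field because it never receives it. Missing any one of these single points is the weakness this entry describes.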
Terminology Notes
The "encapsulation" term is used in multiple ways. Within some security
sources, the term is used to describe the establishment of boundaries
between different control spheres. Within general computing circles, it is
more about hiding implementation details and maintainability than security.
Even within the security usage, there is also a question of whether
"encapsulation" encompasses the entire range
Time of Introduction
Architecture and Design
Implementation
Potential Mitigations
Phase
Description
Implement appropriate encapsulation to protect critical data or
functionality.