CWE - Common Weakness Enumeration
A Community-Developed List of Software Weakness Types

CWE Individual Dictionary Definition (2.11)

CWE-657: Violation of Secure Design Principles

Weakness ID: 657
Abstraction: Class
Status: Draft
Description

Description Summary

The product violates well-established principles for secure design.

Extended Description

Such a violation can introduce resultant weaknesses directly, or make it easier for developers to introduce related weaknesses during implementation. Because the implementation is built around the design, fixing design problems after the fact can be resource-intensive.

Time of Introduction
  • Architecture and Design
  • Implementation
  • Operation
Common Consequences

Scope: Other
Technical Impact: Other

Relationships

Nature    Type            ID   Name
ChildOf   Weakness Class  710  Coding Standards Violation
          View(s): Research Concepts (1000, primary)
ChildOf   Category        975  SFP Secondary Cluster: Architecture
          View(s): Software Fault Pattern (SFP) Clusters (888, primary)
ParentOf  Weakness Class  250  Execution with Unnecessary Privileges
          View(s): Development Concepts (699); Research Concepts (1000, primary)
ParentOf  Weakness Class  636  Not Failing Securely ('Failing Open')
          View(s): Development Concepts (699, primary); Research Concepts (1000, primary)
ParentOf  Weakness Class  637  Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')
          View(s): Development Concepts (699, primary); Research Concepts (1000, primary)
ParentOf  Weakness Class  638  Not Using Complete Mediation
          View(s): Development Concepts (699, primary); Research Concepts (1000, primary)
ParentOf  Weakness Base   653  Insufficient Compartmentalization
          View(s): Development Concepts (699, primary); Research Concepts (1000, primary)
ParentOf  Weakness Base   654  Reliance on a Single Factor in a Security Decision
          View(s): Development Concepts (699, primary); Research Concepts (1000, primary)
ParentOf  Weakness Base   655  Insufficient Psychological Acceptability
          View(s): Development Concepts (699, primary); Research Concepts (1000, primary)
ParentOf  Weakness Base   656  Reliance on Security Through Obscurity
          View(s): Development Concepts (699, primary); Research Concepts (1000, primary)
ParentOf  Weakness Class  671  Lack of Administrator Control over Security
          View(s): Development Concepts (699, primary); Research Concepts (1000, primary)
MemberOf  View            699  Development Concepts
          View(s): Development Concepts (699, primary)
References
Jerome H. Saltzer and Michael D. Schroeder. "The Protection of Information in Computer Systems". Proceedings of the IEEE 63. September, 1975. <http://web.mit.edu/Saltzer/www/publications/protection/>.
Sean Barnum and Michael Gegick. "Design Principles". 2005-09-19. <https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/principles/358.html>.
Content History

Modifications
Date        Modifier          Organization  Source    Change
2008-07-01  Eric Dalci        Cigital       External  updated Time_of_Introduction
2008-09-08  CWE Content Team  MITRE         Internal  updated Description, Relationships
2011-06-01  CWE Content Team  MITRE         Internal  updated Common_Consequences
2012-05-11  CWE Content Team  MITRE         Internal  updated Relationships
2014-07-30  CWE Content Team  MITRE         Internal  updated Relationships
2017-01-19  CWE Content Team  MITRE         Internal  updated Relationships

Page Last Updated: May 05, 2017