CWE List: Individual Dictionary Definition (2.1)

CWE-657: Violation of Secure Design Principles

Weakness ID: 657 (Weakness Class) | Status: Draft
+ Description

Description Summary

The product violates well-established principles for secure design.

Extended Description

This can introduce resultant weaknesses or make it easier for developers to introduce related weaknesses during implementation. Because code is centered around design, it can be resource-intensive to fix design problems.

+ Time of Introduction
  • Architecture and Design
  • Implementation
  • Operation
+ Common Consequences

Scope | Effect
------|-------
Other | Technical Impact: Other

+ Relationships

Nature   | Type           | ID  | Name                                                                                   | View(s) this relationship pertains to
---------|----------------|-----|----------------------------------------------------------------------------------------|--------------------------------------
ChildOf  | Category       | 17  | Code                                                                                   | Development Concepts (primary) 699
ChildOf  | Weakness Class | 710 | Coding Standards Violation                                                             | Research Concepts (primary) 1000
ParentOf | Weakness Class | 250 | Execution with Unnecessary Privileges                                                  | Development Concepts 699; Research Concepts (primary) 1000
ParentOf | Weakness Class | 636 | Not Failing Securely ('Failing Open')                                                  | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Class | 637 | Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')      | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Class | 638 | Not Using Complete Mediation                                                           | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base  | 653 | Insufficient Compartmentalization                                                      | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base  | 654 | Reliance on a Single Factor in a Security Decision                                     | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base  | 655 | Insufficient Psychological Acceptability                                               | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base  | 656 | Reliance on Security Through Obscurity                                                 | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Class | 671 | Lack of Administrator Control over Security                                            | Development Concepts (primary) 699; Research Concepts (primary) 1000
+ References
Jerome H. Saltzer and Michael D. Schroeder. "The Protection of Information in Computer Systems". Proceedings of the IEEE 63. September, 1975. <http://web.mit.edu/Saltzer/www/publications/protection/>.
Sean Barnum and Michael Gegick. "Design Principles". 2005-09-19. <https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/principles/358.html>.
+ Content History

Modifications

Modification Date | Modifier         | Organization | Source   | Change
------------------|------------------|--------------|----------|--------------------------------------
2008-07-01        | Eric Dalci       | Cigital      | External | updated Time_of_Introduction
2008-09-08        | CWE Content Team | MITRE        | Internal | updated Description, Relationships
2011-06-01        | CWE Content Team | MITRE        | Internal | updated Common_Consequences
Page Last Updated: September 12, 2011