|
Common Quality EnumerationA Community-Developed Dictionary of Quality Issues |
|
|
|
CQE Glossary Definition |
 |
CQE-9001: Default Graph
Default Graph |
[an error occurred while processing this directive]
Definition in a New Window 
|
| View ID: 9001 | Maturity: Preliminary |
View DataView Objective
Default Hierarchy
View Metrics| Formal CQE IDs (this view) | Micro Elements (this view) | Total Catalog | |||||
|---|---|---|---|---|---|---|---|
| Total Elements | 153 | out of | 160 | 64 | out of | 66 | 226 |
| Views | 0 | out of | 7 | 7 | |||
| Quality_Characteristics | 41 | out of | 41 | 41 | |||
| Quality_Issues | 112 | out of | 112 | 112 | |||
| Practices | 39 | out of | 40 | 40 | |||
| Consequences | 25 | out of | 26 | 26 | |||
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| HasMember | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| HasMember | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| HasMember | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| HasMember | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
View Components
View Components
A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z
Accessibility |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9033 | Maturity: Preliminary |
DescriptionDescription Summary
Accessibility is a Quality_Characteristic describing the degree to which a wide variety of users can use the entity.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9174 | Usability | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9092 | Availability | Default Graph (primary)9001 |
Accountability |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9053 | Maturity: Preliminary |
DescriptionDescription Summary
Accountability is a Quality_Characteristic describing how well an entity records its actions.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
Accuracy |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9008 | Maturity: Preliminary |
DescriptionDescription Summary
Accuracy is a Quality_Characteristic describing how precise an entity's outputs are.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9020 | Completeness | Default Graph (primary)9001 |
Allocation of Memory without Associated Release |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9112 | Maturity: Preliminary |
DescriptionDescription Summary
The software allocates memory for a data element, but it does not release the associated memory at a later time.
Extended Description
This pattern identifies situations where a memory resource is explicitly allocated via the ManagesResource action to the storable or member data element, which is used throughout the application, along the sequence composed of ActionElements with DataRelations relations, some of which being part of named callable and method control elements, none of which being a memory release statement.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9176 | Coding Practices | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCPEM | 1 | ASCPEM-PRF-14 |
References"Automated Source Code Performance Efficiency
Measure (ASCPEM)". ASCPEM-PRF-14. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCPEM/1.0>. |
Analyzability |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9012 | Maturity: Preliminary |
DescriptionDescription Summary
Analyzability is a Quality_Characteristic describing how easily an entity can be examined.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Ch Characteristic | 9084 | Understandability | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9066 | Legibility | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9216 | Source Code Element without Standard Prologue | Default Graph (primary)9001 |
Arbitrary Code Execution |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9017 | Maturity: Preliminary |
DescriptionDescription Summary
Arbitrary Code Execution may result when programming logic or conditions allow code to be executed outside of expected functional parameters.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 79 | Cross-site Scripting Improper Input Neutralization | Default Graph (primary)9001 |
| CanFollow | Is Issue | 134 | Format String Improper Input Neutralization | Default Graph (primary)9001 |
| CanFollow | Is Issue | 434 | File Upload Improper Input Neutralization | Default Graph (primary)9001 |
| CanFollow | Is Issue | 798 | Hard-Coded Credentials Usage for Remote Authentication | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9063 | Authentication Practices | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9095 | File Upload Control | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9097 | Output Generation | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9129 | Output Formatting Control | Default Graph (primary)9001 |
Architecture with Number of Horizontal Layers Outside of Expected Range |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9007 | Maturity: Preliminary |
DescriptionDescription Summary
The software architecture contains too many - or too few - horizontal layers.
Extended Description
This pattern identifies situations where the model of the architectural layers contains too many or too few horizontal layers, based on its number of horizontal layers (that is, excluding the vertical utility layers) that is smaller than the threshold value or greater than the threshold value. The default minimal value is 4 and the default max value is 8.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9124 | Layered Architectures | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9113 | Excessive Modification Effort | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM-MNT-9 |
References"Automated Source Code Maintainability Measure
(ASCMM)". ASCMM-MNT-9. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCMM/1.0>. |
Array Index Improper Input Neutralization |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 129 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where an external value is entered into the application through the user interface ReadsUI action, transformed throughout the application along the sequence composed of ActionElements with DataRelations relations, some of which being part of named callable and method control elements, and ultimately used in the read or write action to access the array; none of the callable or method control element of the transformation sequence being a range check callable and method control element with regards to the array index.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9049 | Array Indexing | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9038 | Loss of Data Integrity | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9143 | Failure | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCSM | 1 | ASCSM-CWE-129 |
| CWE | 2.11 | 129 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-129. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
Array Indexing |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9049 | Maturity: Preliminary |
DescriptionDescription Summary
Array Indexing
Extended Description
Software that is unaware of array index bounds incurs the risk of corruption of relevant memory, and perhaps instructions, possibly leading to a crash, the risk of data integrity loss, and the risk of unauthorized access to sensitive data.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9022 | Memory Corruption | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9054 | Data Corruption | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9143 | Failure | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary)9001 |
| ParentOf | Is Issue | 129 | Array Index Improper Input Neutralization | Quality Issues Organized by Practices (primary)9002 |
Authentication |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9133 | Maturity: Preliminary |
DescriptionDescription Summary
Authentication is a Quality_Characteristic describing whether an entity is what it is said to be.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
Authentication Practices |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9063 | Maturity: Preliminary |
DescriptionDescription Summary
Authentication Practices
Extended Description
Software featuring weak authentication practices incurs the risk of exposing resources and functionality to unintended actors, possibly leading to compromised sensitive information and even the execution of arbitrary code.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9017 | Arbitrary Code Execution | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9032 | Exposed Resources | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9035 | Exposed Functionality | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9189 | Information Disclosure | Default Graph (primary)9001 |
| ParentOf | Is Issue | 798 | Hard-Coded Credentials Usage for Remote Authentication | Quality Issues Organized by Practices (primary)9002 |
| MemberOf | Vi View | 9002 | Quality Issues Organized by Practices | Quality Issues Organized by Practices (primary)9002 |
Availability |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9092 | Maturity: Preliminary |
DescriptionDescription Summary
Availability is a Quality_Characteristic describing the degree to which an entity will operate satisfactorily.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9033 | Accessibility | Default Graph (primary)9001 |
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
Broken or Risky Cryptographic Algorithm Usage |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 327 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the application uses the cryptographic deployed component while it is not part of the list of vetted cryptographic deployed components. As an example, FIPS 140-2 features a list of validated implementations.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9136 | Cryptography | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCSM | 1 | ASCSM-CWE-327 |
| CWE | 2.11 | 327 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-327. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
Buffer Copy without Checking Size of Input |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 120 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where two buffer storable elements or member elements are allocated with specific sizes in the source buffer allocation statement and target buffer allocation statement, transformed within the application via transformation sequences composed of ActionElements with DataRelations relations, some of which being part of named callable and method control elements, then ultimately used by the application to move the content of the first buffer onto the content of the second buffer through the move buffer statement, while the size of the first buffer is greater than the size of the second buffer.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9078 | Memory Management | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9022 | Memory Corruption | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9038 | Loss of Data Integrity | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9057 | Erroneous Behaviors | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9143 | Failure | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9168 | Unexpected Behaviors | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-CWE-120 |
| ASCSM | 1 | ASCSM-CWE-120 |
| CWE | 2.11 | 120 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-120. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-CWE-120. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Cache Maintenance |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9096 | Maturity: Preliminary |
DescriptionDescription Summary
Cache Maintenance
Extended Description
Software deployed in distributed environment that does not maintain redundancy of data (such as cache) and code increases the time with which they are accessed.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9037 | Resource Management | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9140 | Increased (Access) Time | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9069 | Data Access Operations Outside of Expected Data Manager Component | Quality Issues Organized by Practices (primary)9002 |
Callable and Method Control Element Number of Outward Calls |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9024 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the named callable control element or method control element has a Fan-Out value that is too large, based on its number of references to other objects within the application which exceeds the threshold value; the application determines the scope of the search for the referenced objects. Default value for threshold value is 5.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9016 | Modular Development | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9141 | Excessive Propagation of Modification Impacts | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM-MNT-4 |
References"Automated Source Code Maintainability Measure
(ASCMM)". ASCMM-MNT-4. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCMM/1.0>. |
Callable with Insufficient Behavioral Summary |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9218 | Maturity: Preliminary |
DescriptionDescription Summary
The code contains a callable whose signature and/or associated documentation does not sufficiently describe the callable's inputs, outputs, side effects, assumptions, or return codes.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 5.8 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Capacity/Allocation |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9101 | Maturity: Preliminary |
DescriptionDescription Summary
Capacity/Allocation is a Quality_Characteristic describing how well limited resources are managed.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9074 | Efficiency | Default Graph (primary)9001 |
Changeability/Modifiability |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9029 | Maturity: Preliminary |
DescriptionDescription Summary
Changeability is a Quality_Characteristic describing how easily an entity can be changed or modified.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
Child Class Element without Virtual Destructor unlike its Parent Class Element |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9013 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where, with languages where custom destructors can be written, the child class element used in the 'from' association of an Extends class relation whose parent class element that is used in the 'to' association of the Extends class relation, directly or indirectly through parent and child class element, has the parent virtual destructor, that lack its own virtual destructor.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9157 | Inheritance and Polymorphism | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9168 | Unexpected Behaviors | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-RLB-17 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-RLB-17. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Class Element with Virtual Method Element without Virtual Destructor |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9166 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the class element contains the virtual method element yet without declaring any virtual destructor.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9157 | Inheritance and Polymorphism | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9168 | Unexpected Behaviors | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-RLB-15 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-RLB-15. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Class Instance Self Destruction Control Element |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9156 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the class element executes the control element to destroy itself. As an example of self-destruction control element in C++, the 'delete this' control element.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9176 | Coding Practices | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9057 | Erroneous Behaviors | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9168 | Unexpected Behaviors | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-RLB-7 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-RLB-7. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Class with an Excessive Inheritance Level |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9123 | Maturity: Preliminary |
DescriptionDescription Summary
The inheritance level of a class is excessively high, i.e., it has a large number of ancestors.
Extended Description
This pattern identifies situations where the inheritance level of the class element is considered as too large, based on its number of parent class units which exceeds the default threshold value of 7.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9157 | Inheritance and Polymorphism | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9113 | Excessive Modification Effort | Default Graph9001 |
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM-MNT-17 |
References"Automated Source Code Maintainability Measure
(ASCMM)". ASCMM-MNT-17. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCMM/1.0>. |
Class with Excessive Number of Child Classes |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9165 | Maturity: Preliminary |
DescriptionDescription Summary
A class contains an unnecessarily large number of children.
Extended Description
This pattern identifies situations where the number of children of the class element is considered as too large, based on its number of child classes which exceeds the default threshold value of 10.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9157 | Inheritance and Polymorphism | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9113 | Excessive Modification Effort | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM-MNT-18 |
References"Automated Source Code Maintainability Measure
(ASCMM)". ASCMM-MNT-18. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCMM/1.0>. |
Co-existence |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9188 | Maturity: Preliminary |
DescriptionDescription Summary
Co-existence is a Quality_Characteristic describing how well elements are shared between entities.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
Code Comments |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9089 | Maturity: Preliminary |
DescriptionDescription Summary
Code Comments
Extended Description
Software that does not properly represent comments can cause excessive modification effort.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9113 | Excessive Modification Effort | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9161 | Excessive Volume of Commented-out Code | Quality Issues Organized by Practices (primary)9002 |
| MemberOf | Vi View | 9002 | Quality Issues Organized by Practices | Quality Issues Organized by Practices (primary)9002 |
Coding Practices |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9176 | Maturity: Preliminary |
DescriptionDescription Summary
Coding Practices
Extended Description
Software featuring known under-efficient coding practices requires excessive computational resources.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
| ParentOf | Is Issue | 252 | Unchecked Return Parameter Value of Invokable Control Element with Read, Write, and Manage Access to Platform or Data Resource | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 456 | Storable and Member Data Element Missing Initialization | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 704 | Incorrect Type Conversion or Cast | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9004 | Static Member Data Element outside of a Singleton Class Element | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9005 | Data Element Aggregating an Excessively Large Number of Non-Primitive Elements | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9014 | Creation of Immutable Text Using String Concatenation | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9062 | Invokable Control Element with Variadic Parameter Element | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9100 | Runtime Resource Management Control Element in a Component Built to Run on Application Servers | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9102 | Missing Serialization Control Element | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9110 | Serializable Data Element Containing non-Serializable Item Elements | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9112 | Allocation of Memory without Associated Release | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9116 | Data Resource Access without Use of Connection Pooling | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9138 | Float Type Storable and Member Data Element Comparison with Equality Operator | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9156 | Class Instance Self Destruction Control Element | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9182 | Use of Data Element without Invoking Deconstructor Method | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9193 | Persistent Storable Data Element without Associated Comparison Control Element | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9194 | Storable or Member Data Element containing Pointer Item Element without Proper Copy Control Element | Quality Issues Organized by Practices (primary)9002 |
| MemberOf | Vi View | 9002 | Quality Issues Organized by Practices | Quality Issues Organized by Practices (primary)9002 |
Communicativeness |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9149 | Maturity: Preliminary |
DescriptionDescription Summary
Communicativeness is a Quality_Characteristic describing how well an entity shares an idea.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9084 | Understandability | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9056 | Conciseness | Default Graph (primary)9001 |
Compilation with Insufficient Warnings or Errors |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9228 | Maturity: Preliminary |
DescriptionDescription Summary
The code is compiled without sufficient warnings enabled, which may prevent the detection of subtle bugs or quality issues.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| CQE Team | MITRE | Internal CQE Team | ||
Completeness |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9020 | Maturity: Preliminary |
DescriptionDescription Summary
Completeness is a Quality_Characteristic describing how thorough an entity is.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9008 | Accuracy | Default Graph (primary)9001 |
Compliance |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9098 | Maturity: Preliminary |
DescriptionDescription Summary
Compliance is a Quality_Characteristic describing how well an entity conforms to a defined standard.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9091 | Functionality | Default Graph (primary)9001 |
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9065 | Consistency | Default Graph (primary)9001 |
Conciseness |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9056 | Maturity: Preliminary |
DescriptionDescription Summary
Conciseness is a Quality_Characteristic describing how briefly and accurately an idea can be conveyed.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9074 | Efficiency | Default Graph (primary)9001 |
| ChildOf | Ch Characteristic | 9149 | Communicativeness | Default Graph (primary)9001 |
Confidentiality |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9025 | Maturity: Preliminary |
DescriptionDescription Summary
A Quality_Characteristic describing the level of protection used to safeguard sensitive data.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
Consistency |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9065 | Maturity: Preliminary |
DescriptionDescription Summary
Consistency is a Quality_Characteristic describing how well an entity conforms to an undefined convention.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9098 | Compliance | Default Graph (primary)9001 |
| ChildOf | Ch Characteristic | 9099 | Structuredness | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9107 | Inconsistency Between Implementation and Documented Design | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9200 | Inconsistent Naming Conventions for Identifiers | Default Graph (primary)9001 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Creation of Immutable Text Using String Concatenation |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9014 | Maturity: Preliminary |
DescriptionDescription Summary
The software creates an immutable text string using string concatenation operations.
Extended Description
This pattern identifies situations where the named callable control element or method control element creates immutable text data elements via the string concatenation statement, which could be avoided by using text buffer data elements.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9176 | Coding Practices | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCPEM | 1 | ASCPEM-PRF-2 |
References"Automated Source Code Performance Efficiency
Measure (ASCPEM)". ASCPEM-PRF-2. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCPEM/1.0>. |
Cross-site Scripting Improper Input Neutralization |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 79 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where an external value is entered into the application through the user interface ReadsUI action, transformed throughout the application along the sequence composed of ActionElements with DataRelations relations, some of which being part of named callable and method control elements, and ultimately used in the user interface WritesUI action; none of the callable or method control element of the transformation sequence being a vetted sanitization control element from the list of vetted sanitization control elements.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9097 | Output Generation | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9017 | Arbitrary Code Execution | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCSM | 1 | ASCSM-CWE-79 |
| CWE | 2.11 | 79 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-79. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
Cryptography |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9136 | Maturity: Preliminary |
DescriptionDescription Summary
Software using a broken or risky cryptographic algorithm incurs the risk of sensitive data being compromised.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary)9001 |
| ParentOf | Is Issue | 327 | Broken or Risky Cryptographic Algorithm Usage | Quality Issues Organized by Practices (primary)9002 |
| MemberOf | Vi View | 9002 | Quality Issues Organized by Practices | Quality Issues Organized by Practices (primary)9002 |
Data Access Constructs |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9105 | Maturity: Preliminary |
DescriptionDescription Summary
Data Access Constructs
Extended Description
Software featuring known under-efficient SQL Query and Data Access constructs requires excessive computational resources.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9027 | Excessive Data Query Operations in a Large Data Table | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9103 | Excessive Execution of Sequential Searches of Data Resource | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Pr Practice | 9104 | Data Encapsulation | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9175 | Excessive Number of Indices for a Large Data Table | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9187 | Excessive Index Range Scan for a Data Resource | Quality Issues Organized by Practices (primary)9002 |
| MemberOf | Vi View | 9002 | Quality Issues Organized by Practices | Quality Issues Organized by Practices (primary)9002 |
Data Access Control Element from Outside Designated Data Manager Component |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9159 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where named callable control element or method control element executes the data action statement although it is not part of a component identified as one of the dedicated data access components from the data access component list. The data access component can be either client-side or server-side, which means that data access components can be developed using non-SQL languages. The pattern simply identifies situations where the implementation does not follow the intended design, regardless of the design.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9076 | Data Integrity Management | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9168 | Unexpected Behaviors | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-RLB-10 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-RLB-10. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Data Access Operations Outside of Expected Data Manager Component |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9069 | Maturity: Preliminary |
DescriptionDescription Summary
The software performs data-access operations that do not use a dedicated, central data manager component.
Extended Description
This pattern identifies situations where the named callable control element or method control element executes the data action although it is not part of the central data manager identified as one of the dedicated data access components from the data access components list. The component can be either client-side either server-side, which means that not all server-side components are allowed to handle data accesses. The data access component can be either client-side either server-side, which means that data access components can be developed using non-SQL languages. The pattern simply identifies situations where the implementation does not follow the intended design, regardless of the design.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9096 | Cache Maintenance | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9140 | Increased (Access) Time | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCPEM | 1 | ASCPEM-PRF-11 |
References"Automated Source Code Performance Efficiency
Measure (ASCPEM)". ASCPEM-PRF-11. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCPEM/1.0>. |
Data Corruption |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9054 | Maturity: Preliminary |
DescriptionDescription Summary
Data Corruption may result when programming logic creates scenarios in which data is modified or removed in a manner inconsistent with expected parameters.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 22 | Path Traversal Improper Input Neutralization | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9049 | Array Indexing | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9078 | Memory Management | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9104 | Data Encapsulation | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9153 | Data Element Declared Public | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9181 | Method Containing Access of a Member Element from Another Class | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9183 | File Path Control | Default Graph (primary)9001 |
Data Element Aggregating an Excessively Large Number of Non-Primitive Elements |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9005 | Maturity: Preliminary |
DescriptionDescription Summary
The software uses a data element that has an excessively large number of sub-elements with non-primitive data types (i.e., aggregated objects).
Extended Description
This pattern identifies situations where the data type of the storable data element aggregates storable data elements with non-primitive data types, which is considered too large because it exceeds the threshold value, which defaults to 5.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9176 | Coding Practices | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCPEM | 1 | ASCPEM-PRF-12 |
References"Automated Source Code Performance Efficiency
Measure (ASCPEM)". ASCPEM-PRF-12. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCPEM/1.0>. |
Data Element Declared Public |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9153 | Maturity: Preliminary |
DescriptionDescription Summary
The software contains a data element that has been declared public.
Extended Description
This pattern identifies situations where the storable data element or member data element is declared as public through the Create action.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9104 | Data Encapsulation | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9054 | Data Corruption | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM-MNT-15 |
References"Automated Source Code Maintainability Measure
(ASCMM)". ASCMM-MNT-15. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCMM/1.0>. |
Data Encapsulation |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9104 | Maturity: Preliminary |
DescriptionDescription Summary
Data Encapsulation
Extended Description
Software that does not follow the principles of data encapsulation incurs the risk of data corruption.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9105 | Data Access Constructs | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9054 | Data Corruption | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9153 | Data Element Declared Public | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9181 | Method Containing Access of a Member Element from Another Class | Quality Issues Organized by Practices (primary)9002 |
Data Integrity Management |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9076 | Maturity: Preliminary |
DescriptionDescription Summary
Data Integrity Management
Extended Description
Software without consistently-enforced approach to data integrity management incurs the risk of behaving unexpectedly.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9168 | Unexpected Behaviors | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9159 | Data Access Control Element from Outside Designated Data Manager Component | Quality Issues Organized by Practices (primary)9002 |
Data Resource Access without Use of Connection Pooling |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9116 | Maturity: Preliminary |
DescriptionDescription Summary
The software accesses a data resource without using a connection pooling capability.
Extended Description
This pattern identifies situations where the named callable control element or method control element executes the data resource management action not using connection pooling capability. The usage of connection pooling capability is technology dependent. As examples, connection pooling is disabled with the addition of 'Pooling=false' to the connection string with ADO.NET and the value of 'com.sun.jndi.ldap.connect.pool' environment parameter in Java.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9176 | Coding Practices | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCPEM | 1 | ASCPEM-PRF-13 |
References"Automated Source Code Performance Efficiency
Measure (ASCPEM)". ASCPEM-PRF-13. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCPEM/1.0>. |
Deadlock |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9028 | Maturity: Preliminary |
DescriptionDescription Summary
Deadlock may result when processing is suspended while waiting on a currently locked resource to become available and unlocked. However, the lock is never released and the state remains locked.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 667 | Shared Resource Improper Locking | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9018 | Modules with Circular Dependencies | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9070 | Named Callable and Method Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9172 | State Protection | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9178 | Locking | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9192 | Singleton Class Instance Creation without Proper Lock Element Management | Default Graph (primary)9001 |
Declaration of Catch for Generic Exception |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 396 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the named callable control element or method control element contains the catch unit which declares to catch the exception parameter whose datatype is part of the list of overly broad exception datatypes. With Java, an example is {'java.lang.Exception'}.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9010 | Execution Status Control | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9131 | Error/Exception Handling | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9154 | Poisoned Data Usage | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-CWE-396 |
| ASCSM | 1 | ASCSM-CWE-396 |
| CWE | 2.11 | 396 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-396. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-CWE-396. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Declaration of Throws for Generic Exception |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 397 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the named callable control element or method control element throws with the Throws action the exception parameter whose datatype is part of the list of overly broad exception datatypes. In Java, one example from this list is {'java.lang.Exception'}.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9010 | Execution Status Control | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9131 | Error/Exception Handling | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9154 | Poisoned Data Usage | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-CWE-397 |
| ASCSM | 1 | ASCSM-CWE-397 |
| CWE | 2.11 | 397 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-397. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-CWE-397. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Declaration of Variable with Unnecessarily Wide Scope |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9227 | Maturity: Preliminary |
DescriptionDescription Summary
The source code declares a variable in one scope, but the variable is only used within a narrower scope.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| CQE Team | MITRE | Internal CQE Team | ||
Degraded Comprehension |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9145 | Maturity: Preliminary |
DescriptionDescription Summary
Degraded Comprehension may result when conditions are too complex, disorderly, or non-sensical to be interpreted by human understanding.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 252 | Unchecked Return Parameter Value of Invokable Control Element with Read, Write, and Manage Access to Platform or Data Resource | Default Graph (primary)9001 |
| CanFollow | Is Issue | 396 | Declaration of Catch for Generic Exception | Default Graph (primary)9001 |
| CanFollow | Is Issue | 397 | Declaration of Throws for Generic Exception | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9007 | Architecture with Number of Horizontal Layers Outside of Expected Range | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9036 | Unrestricted Data Operations | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9052 | Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9093 | Invokable Control Element with Signature Containing an Excessive Number of Parameters | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9108 | Empty Exception Block | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9121 | Structured Programming | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9123 | Class with an Excessive Inheritance Level | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9124 | Layered Architectures | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9131 | Error/Exception Handling | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9134 | Unconditional Control Flow Transfer outside of Switch Block | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9137 | Unrestricted Parameters | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9160 | Invokable Control Element with Excessive File or Data Access Operations | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9184 | Use of Same Invokable Control Element in Multiple Architectural Layers | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9185 | Excessive Cyclomatic Complexity Within an Invokable Control Element | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9220 | Excessive Use of Unconditional Branching | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9222 | Excessive Cyclomatic Complexity | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9223 | Excessive Halstead Complexity | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9224 | Excessive Use of Self-Modifying Code | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9225 | Excessively Deep Nesting | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9227 | Declaration of Variable with Unnecessarily Wide Scope | Default Graph (primary)9001 |
Denial of Service |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9031 | Maturity: Preliminary |
DescriptionDescription Summary
Denial of Service may result if resources are exhausted at the time which they are called upon.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 672 | Expired or Released Resource Usage | Default Graph (primary)9001 |
| CanFollow | Is Issue | 772 | Missing Release of Resource after Effective Lifetime | Default Graph (primary)9001 |
Durability |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9186 | Maturity: Preliminary |
DescriptionDescription Summary
Durability is a Quality_Characteristic describing how well an entity survives over its lifetime.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
Efficiency |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9074 | Maturity: Preliminary |
DescriptionDescription Summary
Efficiency is a Quality_Characteristic describing how an entity performs in relation to the amount of energy (work) required to perform.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9055 | Reusability | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9056 | Conciseness | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9064 | Modularity | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9101 | Capacity/Allocation | Default Graph (primary)9001 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Embedded Network Configuration |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9068 | Maturity: Preliminary |
DescriptionDescription Summary
Embedded Network Configuration
Extended Description
Software featuring network configuration within its own code incurs the risk of failure when the remote resource changes.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9143 | Failure | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9042 | Initialization with Hard-Coded Network Resource Configuration Data | Quality Issues Organized by Practices (primary)9002 |
Empty Exception Block |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9108 | Maturity: Preliminary |
DescriptionDescription Summary
An invokable code block contains an exception handling block that is empty.
Extended Description
This pattern identifies situations where the exception handling block (such as a Catch and Finally block) of the named callable and method control elements does not contain any other control element.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9131 | Error/Exception Handling | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-RLB-1 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-RLB-1. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Erroneous Behaviors |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9057 | Maturity: Preliminary |
DescriptionDescription Summary
Unpredictable or erroneous behaviors may result when programming logic, data, or conditions interact in a way that is outside of expected functional parameters.
RelationshipsError/Exception Handling |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9131 | Maturity: Preliminary |
DescriptionDescription Summary
Inconsistent/Incomplete Handling
Extended Description
Software without consistent and complete handling of errors and exceptions makes it impossible to accurately identify and adequately respond to unusual and unexpected situations.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9113 | Excessive Modification Effort | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
| ParentOf | Is Issue | 252 | Unchecked Return Parameter Value of Invokable Control Element with Read, Write, and Manage Access to Platform or Data Resource | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 396 | Declaration of Catch for Generic Exception | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 397 | Declaration of Throws for Generic Exception | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9108 | Empty Exception Block | Quality Issues Organized by Practices (primary)9002 |
| MemberOf | Vi View | 9002 | Quality Issues Organized by Practices | Quality Issues Organized by Practices (primary)9002 |
Excessive Attack Surface |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9226 | Maturity: Preliminary |
DescriptionDescription Summary
The product has an attack surface whose quantitative measurement exceeds a desirable maximum.
Extended Description
Originating from software security, an "attack surface" measure typically reflects the number of input points and outpoints that can be utilized by an untrusted party, i.e. a potential attacker. In some cases, this measure may reflect other aspects of quality besides security; e.g., a product with many inputs and outputs may require a large number of tests in order to improve code coverage.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| ChildOf | Is Issue | 9221 | Excessive Code Complexity | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 7.9 |
ReferencesPratyusa Manadhata. "An Attack Surface Metric". November 2008. <http://reports-archive.adm.cs.cmu.edu/anon/2008/CMU-CS-08-152.pdf>. |
Pratyusa Manadhata and
Jeannette M. Wing. "Measuring a System’s Attack Surface". 2004. <http://www.cs.cmu.edu/afs/cs/usr/wing/www/publications/ManadhataWing04.pdf>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| CQE Team | MITRE | Internal CQE Team | ||
Excessive Code Complexity |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9221 | Maturity: Preliminary |
DescriptionDescription Summary
The code is too complex, as calculated using a well-defined, quantitative measure.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9222 | Excessive Cyclomatic Complexity | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9223 | Excessive Halstead Complexity | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9225 | Excessively Deep Nesting | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9226 | Excessive Attack Surface | Default Graph (primary)9001 |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| CQE Team | MITRE | Internal CQE Team | ||
Excessive Cyclomatic Complexity |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9222 | Maturity: Preliminary |
DescriptionDescription Summary
The code contains McCabe cyclomatic complexity that exceeds a desirable maximum.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Is Issue | 9221 | Excessive Code Complexity | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9185 | Excessive Cyclomatic Complexity Within an Invokable Control Element | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 7.2 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Wikipedia. "Cyclomatic Complexity". <https://en.wikipedia.org/wiki/Cyclomatic_complexity>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Excessive Cyclomatic Complexity Within an Invokable Control Element |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9185 | Maturity: Preliminary |
DescriptionDescription Summary
A named callable or method control element contains control flow that exceeds the desired cyclomatic complexity.
Extended Description
This pattern identifies situations where the named callable control element or method control element has a control flow with a Cyclomatic Complexity which is greater than the default threshold value of 20.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9121 | Structured Programming | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Is Issue | 9222 | Excessive Cyclomatic Complexity | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM-MNT-11 |
References"Automated Source Code Maintainability Measure
(ASCMM)". ASCMM-MNT-11. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCMM/1.0>. |
Excessive Data Query Operations in a Large Data Table |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9027 | Maturity: Preliminary |
DescriptionDescription Summary
The software performs a data query with a large number of joins and sub-queries on a large data table.
Extended Description
This pattern identifies situations where the data table is considered very large, based on its number of rows which exceeds the threshold value, and where it is accessed by the data actions which is considered to be too complex, based on its number of joins between tables which exceeds the threshold value, and its number of sub-queries which exceeds the threshold value. The default value for number of rows is 1000000. The default value for number of joins is 5. The default value for number of sub-queries is 3.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9105 | Data Access Constructs | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCPEM | 1 | ASCPEM-PRF-4 |
References"Automated Source Code Performance Efficiency
Measure (ASCPEM)". ASCPEM-PRF-4. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCPEM/1.0>. |
Excessive Execution of Sequential Searches of Data Resource |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9103 | Maturity: Preliminary |
DescriptionDescription Summary
The software contains a data query against an SQL table or view that is configured in a way that does not utilize an index and may cause sequential searches to be performed.
Extended Description
This pattern identifies situations where the syntax of the ReadsColumnSet action and the index configuration of the SQL table or SQL view causes the DBMS to run sequential searches.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9105 | Data Access Constructs | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCPEM | 1 | ASCPEM-PRF-5 |
References"Automated Source Code Performance Efficiency
Measure (ASCPEM)". ASCPEM-PRF-5. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCPEM/1.0>. |
Excessive Halstead Complexity |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9223 | Maturity: Preliminary |
DescriptionDescription Summary
The code is structured in a way that a Halstead complexity measure exceeds a desirable maximum.
Extended Description
A variety of Halstead complexity measures exist, such as program vocabulary size or volume.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Is Issue | 9221 | Excessive Code Complexity | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 7.2 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Wikipedia. "Halstead complexity measures". <https://en.wikipedia.org/wiki/Halstead_complexity_measures>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Excessive Index Range Scan for a Data Resource |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9187 | Maturity: Preliminary |
DescriptionDescription Summary
The software contains an index range scan for a data resource, but the scan can cover a large number of rows.
Extended Description
This pattern identifies situations where the data table is considered as very large, based on its number of rows which exceeds the threshold value, and where its index is considered as too large, based on its range value which exceeds the threshold value. The default value for number of rows is 1000000 and the default value for index range is 10.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9105 | Data Access Constructs | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCPEM | 1 | ASCPEM-PRF-7 |
References"Automated Source Code Performance Efficiency
Measure (ASCPEM)". ASCPEM-PRF-7. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCPEM/1.0>. |
Excessive Modification Effort |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9113 | Maturity: Preliminary |
DescriptionDescription Summary
Excessive Modification Effort may result when code, documentation, or other conditions are too complex, disorderly, or non-sensical to be understood and modified in a timely or efficient manner.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 9007 | Architecture with Number of Horizontal Layers Outside of Expected Range | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9011 | Use of Redundant Code | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9052 | Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9060 | Multiple Inheritance from Concrete Classes | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9079 | Unreachable Invokable Control Element | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9088 | Reuse | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9089 | Code Comments | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9123 | Class with an Excessive Inheritance Level | Default Graph9001 |
| CanFollow | Pr Practice | 9124 | Layered Architectures | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9131 | Error/Exception Handling | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9161 | Excessive Volume of Commented-out Code | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9165 | Class with Excessive Number of Child Classes | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9184 | Use of Same Invokable Control Element in Multiple Architectural Layers | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9225 | Excessively Deep Nesting | Default Graph9001 |
Excessive Number of Data Accesses using Inefficient Procedures |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9077 | Maturity: Preliminary |
DescriptionDescription Summary
The software does not use efficient data-processing capabilities (such as stored procedures) when accessing data.
Extended Description
This pattern identifies situations where the server-side non-stored callable control elements in the data manager resource, embeds number of data resource access, which is considered too large because it exceeds the default threshold value of 5.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9167 | Stored Procedures & Functions | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCPEM | 1 | ASCPEM-PRF-9 |
References"Automated Source Code Performance Efficiency
Measure (ASCPEM)". ASCPEM-PRF-9. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCPEM/1.0>. |
Excessive Number of Indices for a Large Data Table |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9175 | Maturity: Preliminary |
DescriptionDescription Summary
The software uses a data table that contains a large number of indices.
Extended Description
This pattern identifies situations where the data table is considered as very large, based on its number of rows which exceeds the threshold value, and is considered to have too many indices, based on its number of indices which exceeds the threshold value. The default value for number of rows is 1000000. The default value for number of indices is 3.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9105 | Data Access Constructs | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCPEM | 1 | ASCPEM-PRF-6 |
References"Automated Source Code Performance Efficiency
Measure (ASCPEM)". ASCPEM-PRF-6. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCPEM/1.0>. |
Excessive Platform Resource Consumption within a Loop |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9041 | Maturity: Preliminary |
DescriptionDescription Summary
The software contains a loop or loop condition that directly or indirectly consumes platform resources, e.g. sessions or file descriptors.
Extended Description
This pattern identifies situations where the control element, whose nature is known to cause platform resource consumption, is directly or indirectly called via the execution path, starting from within the loop body block or within the loop condition.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCPEM | 1 | ASCPEM-PRF-8 |
References"Automated Source Code Performance Efficiency
Measure (ASCPEM)". ASCPEM-PRF-8. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCPEM/1.0>. |
Excessive Propagation of Modification Impacts |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9141 | Maturity: Preliminary |
DescriptionDescription Summary
Excessive Propagation of Modification Impacts may result when modifications are used that cause complex outward dependencies, excess lines of code, or other unnecessarily complex behavior that impacts significant results downstream in the code.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Pr Practice | 9016 | Modular Development | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9018 | Modules with Circular Dependencies | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9024 | Callable and Method Control Element Number of Outward Calls | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9151 | Source Code File with Excessive Number of Lines of Code | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9190 | Loop Condition Value Update within the Loop | Default Graph (primary)9001 |
Excessive Reliance on Global Variables |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9209 | Maturity: Preliminary |
DescriptionDescription Summary
The code is structured in a way that relies too much on using or setting global variables throughout various points in the code, instead of preserving the associated information in a narrower, more local context.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 3.10 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Excessive Resource Expenditure |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9039 | Maturity: Preliminary |
DescriptionDescription Summary
Excessive Resource Expenditure may result when code does not manage or utilize resources in an efficient manner.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 9004 | Static Member Data Element outside of a Singleton Class Element | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9005 | Data Element Aggregating an Excessively Large Number of Non-Primitive Elements | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9014 | Creation of Immutable Text Using String Concatenation | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9027 | Excessive Data Query Operations in a Large Data Table | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9041 | Excessive Platform Resource Consumption within a Loop | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9061 | Recursion | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9077 | Excessive Number of Data Accesses using Inefficient Procedures | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9083 | Iteration Control | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9090 | Initialization within a Static Code Block | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9094 | Resource Bounds | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9103 | Excessive Execution of Sequential Searches of Data Resource | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9105 | Data Access Constructs | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9112 | Allocation of Memory without Associated Release | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9116 | Data Resource Access without Use of Connection Pooling | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9122 | Non-SQL Named Callable and Method Control Element with Excessive Number of Data Resource Access | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9144 | Resource Monitoring | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9167 | Stored Procedures & Functions | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9175 | Excessive Number of Indices for a Large Data Table | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9176 | Coding Practices | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9182 | Use of Data Element without Invoking Deconstructor Method | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9187 | Excessive Index Range Scan for a Data Resource | Default Graph (primary)9001 |
Excessive Use of Hard-Coded Literals in Initialization |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9046 | Maturity: Preliminary |
DescriptionDescription Summary
The software initializes a data element using a hard-coded literal.
Extended Description
This pattern identifies situations where the literal value element is used to initialize the storable data element or member data element via the Write action; exceptions are simple integers and static of constant storable or member data elements.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9142 | Hard-Coding | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9132 | Reduced Adaptability | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM-MNT-3 |
References"Automated Source Code Maintainability Measure
(ASCMM)". ASCMM-MNT-3. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCMM/1.0>. |
Excessive Use of Self-Modifying Code |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9224 | Maturity: Preliminary |
DescriptionDescription Summary
The product uses too much self-modifying code.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 7.3 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Excessive Use of Unconditional Branching |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9220 | Maturity: Preliminary |
DescriptionDescription Summary
The code uses too many unconditional branches (such as "goto").
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9121 | Structured Programming | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 7.1 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Excessive Volume of Commented-out Code |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9161 | Maturity: Preliminary |
DescriptionDescription Summary
The software contains an excessive amount of code that has been commented out.
Extended Description
This pattern identifies situations where the named callable control element or method control element contains too much commented-out code items, based on the percentage of instructions in the callable or method control element that are in comments which exceeds the default threshold value of 2%.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9089 | Code Comments | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9113 | Excessive Modification Effort | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM-MNT-6 |
References"Automated Source Code Maintainability Measure
(ASCMM)". ASCMM-MNT-6. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCMM/1.0>. |
Excessively Deep Nesting |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9225 | Maturity: Preliminary |
DescriptionDescription Summary
The code contains a callable or other code grouping in which the nesting / branching is too deep.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Is Issue | 9221 | Excessive Code Complexity | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9113 | Excessive Modification Effort | Default Graph9001 |
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 7.9 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Execution Status Control |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9010 | Maturity: Preliminary |
DescriptionDescription Summary
Execution Status Control
Extended Description
Software unaware of accurate execution status control incurs the risk of bad data being used in operations, possibly leading to a crash or other unintended behaviors.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9143 | Failure | Default Graph (primary)9001 |
| ParentOf | Is Issue | 252 | Unchecked Return Parameter Value of Invokable Control Element with Read, Write, and Manage Access to Platform or Data Resource | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 396 | Declaration of Catch for Generic Exception | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 397 | Declaration of Throws for Generic Exception | Quality Issues Organized by Practices (primary)9002 |
Expired or Released Resource Usage |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 672 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the platform resource is deallocated in the manages action using its unique resource handler value which is transported throughout the application via the transport sequence composed of ActionElements with DataRelations relations, some of which being part of named callable and method control elements, then used later within the application to try and access the resource in the read or write action.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9080 | Resource Lifecycle | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9031 | Denial of Service | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9143 | Failure | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCSM | 1 | ASCSM-CWE-672 |
| CWE | 2.11 | 672 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-672. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
Exposed Functionality |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9035 | Maturity: Preliminary |
DescriptionDescription Summary
Exposed Functionality may result when the method or logic used in code, authentication, or other software components are exposed to unintended actors.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 798 | Hard-Coded Credentials Usage for Remote Authentication | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9063 | Authentication Practices | Default Graph (primary)9001 |
Exposed Resources |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9032 | Maturity: Preliminary |
DescriptionDescription Summary
Exposed Resources may result when CPU cycles, memory, file data and other components are exposed to unintended actors.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 798 | Hard-Coded Credentials Usage for Remote Authentication | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9063 | Authentication Practices | Default Graph (primary)9001 |
Failure |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9143 | Maturity: Preliminary |
DescriptionDescription Summary
Failure is a class of Consequences that includes any number of results due to unexpected parameters, conditions or logic during code execution.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 120 | Buffer Copy without Checking Size of Input | Default Graph (primary)9001 |
| CanFollow | Is Issue | 129 | Array Index Improper Input Neutralization | Default Graph (primary)9001 |
| CanFollow | Is Issue | 606 | Unchecked Input for Loop Condition | Default Graph (primary)9001 |
| CanFollow | Is Issue | 672 | Expired or Released Resource Usage | Default Graph (primary)9001 |
| CanFollow | Is Issue | 772 | Missing Release of Resource after Effective Lifetime | Default Graph (primary)9001 |
| CanFollow | Is Issue | 789 | Uncontrolled Memory Allocation | Default Graph (primary)9001 |
| CanFollow | Is Issue | 835 | Loop with Unreachable Exit Condition ('Infinite Loop') | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9006 | OS Command Execution | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9010 | Execution Status Control | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9026 | Remote System Call Blocking | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9042 | Initialization with Hard-Coded Network Resource Configuration Data | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9049 | Array Indexing | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9068 | Embedded Network Configuration | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9078 | Memory Management | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9083 | Iteration Control | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9085 | Numerical Conversion | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9173 | Synchronous Call Time-Out Absence | Default Graph (primary)9001 |
File Path Control |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9183 | Maturity: Preliminary |
DescriptionDescription Summary
File Path Control
Extended Description
Software that is unaware of file path control incurs the risk of exposition of sensitive data, the risk of corruption of critical files, such as programs, libraries, or important data used in protection mechanisms.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9054 | Data Corruption | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9189 | Information Disclosure | Default Graph (primary)9001 |
| ParentOf | Is Issue | 22 | Path Traversal Improper Input Neutralization | Quality Issues Organized by Practices (primary)9002 |
File Upload Control |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9095 | Maturity: Preliminary |
DescriptionDescription Summary
File Upload Control
Extended Description
Software unaware of file upload control incurs the risk of arbitrary code execution or other unexpected behaviors based on the type, extension, or other properties of the uploaded file.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9017 | Arbitrary Code Execution | Default Graph (primary)9001 |
| ParentOf | Is Issue | 434 | File Upload Improper Input Neutralization | Quality Issues Organized by Practices (primary)9002 |
File Upload Improper Input Neutralization |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 434 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where an external value is entered into the application through the user interface ReadsUI action, transformed throughout the application along the sequence composed of ActionElements with DataRelations relations, some of which being part of named callable and method control elements, and ultimately used in the file upload action; none of the callable or method control element of the transformation sequence being a vetted sanitization callable and method control element from the list of vetted sanitization callable and method control elements.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9095 | File Upload Control | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9017 | Arbitrary Code Execution | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCSM | 1 | ASCSM-CWE-434 |
| CWE | 2.11 | 434 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-434. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
Float Type Storable and Member Data Element Comparison with Equality Operator |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9138 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the floating value 1 and floating value 2 of storable or member data elements of float types, are tested for equality with regular comparison operators in the comparison control element.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9176 | Coding Practices | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9057 | Erroneous Behaviors | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9168 | Unexpected Behaviors | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-RLB-9 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-RLB-9. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Format String Improper Input Neutralization |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 134 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where an external value is entered into the application through the user interface ReadsUI action, transformed throughout the application along the sequence composed of ActionElements with DataRelations relations, some of which being part of named callable and method control elements, and ultimately used in the formatting statement; none of the callable or method control element of the transformation sequence being a vetted sanitization control element from the list of vetted sanitization control elements.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9129 | Output Formatting Control | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9017 | Arbitrary Code Execution | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9189 | Information Disclosure | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCSM | 1 | ASCSM-CWE-134 |
| CWE | 2.11 | 134 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-134. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
Functionality |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9091 | Maturity: Preliminary |
DescriptionDescription Summary
Functionality is a Quality_Characteristic describing how well an entity performs as designed.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9048 | Portability | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9098 | Compliance | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9099 | Structuredness | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9119 | Suitability | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9128 | Self-Containedness | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9150 | Perceived Value | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9174 | Usability | Default Graph (primary)9001 |
Hard-Coded Credentials Usage for Remote Authentication |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 798 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where a literal value is hard-coded in the application via the Write action, transported throughout the application along the sequence composed of ActionElements with DataRelations, some of which being part of named callable and method control elements, and ultimately used in the remote resource management action; the transport sequence is composed of assignment operations as updates to the value would not be considered as hard-coded (literal) any more.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9063 | Authentication Practices | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9017 | Arbitrary Code Execution | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9032 | Exposed Resources | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9035 | Exposed Functionality | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCSM | 1 | ASCSM-CWE-798 |
| CWE | 2.11 | 798 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-798. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
Hard-Coding |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9142 | Maturity: Preliminary |
DescriptionDescription Summary
Hard-Coding
Extended Description
Software that depends on hard-coded pieces of information within its own code reduces adaptability.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9132 | Reduced Adaptability | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9046 | Excessive Use of Hard-Coded Literals in Initialization | Quality Issues Organized by Practices (primary)9002 |
Inappropriate Comment Style |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9214 | Maturity: Preliminary |
DescriptionDescription Summary
The source code uses comment styles or formats that are inconsistent or do not follow expected standards for the product.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9066 | Legibility | Default Graph (primary)9001 |
| ChildOf | Is Issue | 9139 | Inappropriate Source Code Style or Formatting | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 5.5 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Inappropriate Source Code Style or Formatting |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9139 | Maturity: Preliminary |
DescriptionDescription Summary
The source code does not follow desired style or formatting for indentation, white space, comments, etc.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Is Issue | 9135 | Insufficient Adherence to Conventions | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9214 | Inappropriate Comment Style | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9215 | Inappropriate Whitespace Style | Default Graph (primary)9001 |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| CQE Team | MITRE | Internal CQE Team | ||
Inappropriate Whitespace Style |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9215 | Maturity: Preliminary |
DescriptionDescription Summary
The source code contains whitespace that is inconsistent across the code or does not follow expected standards for the product.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Is Issue | 9139 | Inappropriate Source Code Style or Formatting | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 5.10 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Incomplete Design Documentation |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9211 | Maturity: Preliminary |
DescriptionDescription Summary
The product's design documentation does not adequately describe control flow, data flow, system initialization, relationships between tasks, components, rationales, or other important aspects of the design.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Is Issue | 9073 | Incomplete Documentation | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 4.2 | |
| SQAE | 4.3 | |
| SQAE | 4.4 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Incomplete Documentation |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9073 | Maturity: Preliminary |
DescriptionDescription Summary
The documentation, whether on paper or in electronic form, does not contain descriptions of all the relevant elements of the product, such as its usage, structure, interfaces, design, implementation, configuration, operation, etc.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9050 | Missing Design Representation Documentation | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9211 | Incomplete Design Documentation | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9212 | Incomplete I/O Documentation | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9213 | Incomplete Documentation of Program Execution | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9219 | Insufficient Documentation of Error Handling Techniques | Default Graph (primary)9001 |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| CQE Team | MITRE | Internal CQE Team | ||
Incomplete Documentation of Program Execution |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9213 | Maturity: Preliminary |
DescriptionDescription Summary
The document does not fully define all mechanisms that are used to control or influence how product-specific programs are executed.
Extended Description
This includes environmental variables, configuration files, registry keys, command-line switches or options, or system settings.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Is Issue | 9073 | Incomplete Documentation | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 4.11 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Incomplete I/O Documentation |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9212 | Maturity: Preliminary |
DescriptionDescription Summary
The product's documentation does not adequately define inputs, outputs, or system/software interfaces.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Is Issue | 9073 | Incomplete Documentation | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 4.6 | |
| SQAE | 4.7 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Inconsistency Between Implementation and Documented Design |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9107 | Maturity: Preliminary |
DescriptionDescription Summary
The implementation of the product is not consistent with the design as described within the relevant documentation.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9065 | Consistency | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 1.2 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Inconsistent Naming Conventions for Identifiers |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9200 | Maturity: Preliminary |
DescriptionDescription Summary
The product's code, documentation, or other artifacts do not consistently use the same naming conventions for variables, callables, groups of related callables, I/O capabilities, data types, file names, or similar types of elements.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9065 | Consistency | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 1.10 | |
| SQAE | 1.11 | |
| SQAE | 1.12 | |
| SQAE | 1.6 | |
| SQAE | 1.7 | |
| SQAE | 1.8 | |
| SQAE | 1.9 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Incorrect Type Conversion or Cast |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 704 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the storable element or member element is declared with the datatype in the Create action, then updated with a value that is cast via the type cast action into the second datatype, which is incompatible with the first one.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9176 | Coding Practices | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9057 | Erroneous Behaviors | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9168 | Unexpected Behaviors | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-CWE-704 |
| CWE | 2.11 | 704 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-CWE-704. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Increased (Access) Time |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9140 | Maturity: Preliminary |
DescriptionDescription Summary
Increased Access Time may result when code runs in an inefficient manner, resources are exhausted, or any number of conditions that take more than optimal cycles to complete.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 9069 | Data Access Operations Outside of Expected Data Manager Component | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9096 | Cache Maintenance | Default Graph (primary)9001 |
Information Disclosure |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9189 | Maturity: Preliminary |
DescriptionDescription Summary
Information Disclosure may result when sensitive data or feedback is unintentionally provided to unauthorized actors.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 134 | Format String Improper Input Neutralization | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9063 | Authentication Practices | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9129 | Output Formatting Control | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9183 | File Path Control | Default Graph (primary)9001 |
Inheritance and Polymorphism |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9157 | Maturity: Preliminary |
DescriptionDescription Summary
Inheritance and Polymorphism
Extended Description
Software that does not follow the principles of inheritance and polymorphism results in unexpected behaviors.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9088 | Reuse | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9168 | Unexpected Behaviors | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9013 | Child Class Element without Virtual Destructor unlike its Parent Class Element | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9060 | Multiple Inheritance from Concrete Classes | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9087 | Parent Class Element with References to Child Class Element | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9123 | Class with an Excessive Inheritance Level | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9147 | Parent Class Element without Virtual Destructor Method Element | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9165 | Class with Excessive Number of Child Classes | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9166 | Class Element with Virtual Method Element without Virtual Destructor | Quality Issues Organized by Practices (primary)9002 |
Initialization Practices |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9170 | Maturity: Preliminary |
DescriptionDescription Summary
Initialization Practices
Extended Description
Software featuring weak initialization practices incurs the risk of logic errors within the program, possibly leading to a security problem.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9058 | Security Vulnerabilities | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9146 | Math Error | Default Graph (primary)9001 |
| ParentOf | Is Issue | 456 | Storable and Member Data Element Missing Initialization | Quality Issues Organized by Practices (primary)9002 |
| MemberOf | Vi View | 9002 | Quality Issues Organized by Practices | Quality Issues Organized by Practices (primary)9002 |
Initialization with Hard-Coded Network Resource Configuration Data |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9042 | Maturity: Preliminary |
DescriptionDescription Summary
The software initializes data using hard-coded values related to network configuration.
Extended Description
This pattern identifies situations where the storable data element or member data element is initialized by the Write action with the hard-coded value corresponding to network resource identifications.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9068 | Embedded Network Configuration | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9143 | Failure | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-RLB-18 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-RLB-18. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Initialization within a Static Code Block |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9090 | Maturity: Preliminary |
DescriptionDescription Summary
A code block that has been declared static performs initialization of data.
Extended Description
This pattern identifies situations where a storable data element or member data element is initialized with a value in the Write action located in a block of code which is declared as static.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCPEM | 1 | ASCPEM-PRF-1 |
References"Automated Source Code Performance Efficiency
Measure (ASCPEM)". ASCPEM-PRF-1. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCPEM/1.0>. |
Insufficient Adherence to Conventions |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9135 | Maturity: Preliminary |
DescriptionDescription Summary
The product, architecture, source code, design, documentation, or other artifact does not follow required conventions.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9139 | Inappropriate Source Code Style or Formatting | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9216 | Source Code Element without Standard Prologue | Default Graph (primary)9001 |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| CQE Team | MITRE | Internal CQE Team | ||
Insufficient Documentation of Error Handling Techniques |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9219 | Maturity: Preliminary |
DescriptionDescription Summary
The documentation does not sufficiently describe the techniques that are used for error handling, exception processing, or similar mechanisms.
Extended Description
Documentation may need to cover error handling techniques at multiple layers, such as module, executable, compilable code unit, or callable.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Is Issue | 9073 | Incomplete Documentation | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 6.1 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Insufficient Encapsulation of Machine-Dependent Functionality |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9206 | Maturity: Preliminary |
DescriptionDescription Summary
The product or code uses machine-dependent functionality, but it does not sufficiently encapsulate or isolate this functionality from machine-independent functionality.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 3.3 | |
| SQAE | 3.6 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Insufficient Isolation of Symbolic Constant Definitions |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9208 | Maturity: Preliminary |
DescriptionDescription Summary
The source code uses symbolic constants, but it does not sufficiently place the definitions of these constants into a more centralized or isolated location.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 3.8 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Insufficient Isolation of System-Dependent Functions |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9201 | Maturity: Preliminary |
DescriptionDescription Summary
The product or code does not isolate system-dependent functionality into separate standalone modules.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 2.3 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Insufficient Use of Symbolic Constants |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9207 | Maturity: Preliminary |
DescriptionDescription Summary
The source code uses literal constants that may need to change or evolve over time, instead of using symbolic constants.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 3.7 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Integrity |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9148 | Maturity: Preliminary |
DescriptionDescription Summary
Integrity is a Quality_Characteristic describing whether data has been corrupted in transmission.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9052 | Maturity: Preliminary |
DescriptionDescription Summary
The code at one architectural layer invokes code that resides at a deeper layer than the adjacent layer, i.e., the call skips at least one layer.
Extended Description
This pattern identifies situations where the named callable and method control elements from the higher horizontal layer directly calls the named callable or method control element from the lower horizontal layer, while the lower layer is not the next lower layer to the upper layer, as defined in the model of the architectural layers; this excludes the vertical utility layers that can be referenced from any horizontal layers.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9124 | Layered Architectures | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9113 | Excessive Modification Effort | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM-MNT-12 |
References"Automated Source Code Maintainability Measure
(ASCMM)". ASCMM-MNT-12. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCMM/1.0>. |
Invokable Control Element with Excessive File or Data Access Operations |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9160 | Maturity: Preliminary |
DescriptionDescription Summary
A named callable or method control element contains too many operations that utilize a data manager or file resource.
Extended Description
This pattern identifies situations where the named callable and method control elements has too many control elements involving a data manager or a file resource, based on its number of such control elements, which exceeds the default threshold value of 7.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9036 | Unrestricted Data Operations | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM-MNT-14 |
References"Automated Source Code Maintainability Measure
(ASCMM)". ASCMM-MNT-14. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCMM/1.0>. |
Invokable Control Element with Signature Containing an Excessive Number of Parameters |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9093 | Maturity: Preliminary |
DescriptionDescription Summary
The software contains a named callable or method control element whose signature has an unnecessarily large number of parameters.
Extended Description
This pattern identifies situations where the named callable control element or method control element has parameters in its signature which is greater than the default threshold value of 7.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9137 | Unrestricted Parameters | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM-MNT-13 |
References"Automated Source Code Maintainability Measure
(ASCMM)". ASCMM-MNT-13. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCMM/1.0>. |
Invokable Control Element with Variadic Parameter Element |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9062 | Maturity: Preliminary |
DescriptionDescription Summary
A named-callable or method control element has a signature that supports a variable number of parameters.
Extended Description
This pattern identifies situations where the named callable control element or method control element has a variable number of parameters, due to the variadic parameter in its signature.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9176 | Coding Practices | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9057 | Erroneous Behaviors | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9168 | Unexpected Behaviors | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-RLB-8 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-RLB-8. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Iteration Control |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9083 | Maturity: Preliminary |
DescriptionDescription Summary
Iteration Control
Extended Description
Software unaware of iteration control incurs the risk of unexpected consumption of resources, such as CPU cycles or memory, possibly leading to a crash or program exit due to exhaustion of resources.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9143 | Failure | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9177 | Resource Exhaustion | Default Graph (primary)9001 |
| ParentOf | Is Issue | 606 | Unchecked Input for Loop Condition | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 835 | Loop with Unreachable Exit Condition ('Infinite Loop') | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Pr Practice | 9061 | Recursion | Quality Issues Organized by Practices (primary)9002 |
| MemberOf | Vi View | 9002 | Quality Issues Organized by Practices | Quality Issues Organized by Practices (primary)9002 |
Layered Architectures |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9124 | Maturity: Preliminary |
DescriptionDescription Summary
Layered Architectures
Extended Description
Software that does not follow the principles of layered architectures (such as strict partitioning and strict call hierarchy) decreases comprehensibility as well as simplicity to evolve the code.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9113 | Excessive Modification Effort | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9007 | Architecture with Number of Horizontal Layers Outside of Expected Range | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9052 | Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9184 | Use of Same Invokable Control Element in Multiple Architectural Layers | Quality Issues Organized by Practices (primary)9002 |
| MemberOf | Vi View | 9002 | Quality Issues Organized by Practices | Quality Issues Organized by Practices (primary)9002 |
Learnability |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9171 | Maturity: Preliminary |
DescriptionDescription Summary
Learnability is a Quality_Characteristic describing how easily a human can become familiar with an entity.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9174 | Usability | Default Graph (primary)9001 |
Legibility |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9066 | Maturity: Preliminary |
DescriptionDescription Summary
Legibility is a Quality_Characteristic describing how easily an entity can be read.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9012 | Analyzability | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9214 | Inappropriate Comment Style | Default Graph (primary)9001 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Livelock |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9082 | Maturity: Preliminary |
DescriptionDescription Summary
Livelock may result when processing is suspended while a resource's lock-state continues to change.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 9018 | Modules with Circular Dependencies | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9070 | Named Callable and Method Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9172 | State Protection | Default Graph (primary)9001 |
| CanFollow | Is Issue | 9192 | Singleton Class Instance Creation without Proper Lock Element Management | Default Graph (primary)9001 |
Locking |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9178 | Maturity: Preliminary |
DescriptionDescription Summary
Locking
Extended Description
Software featuring inconsistent locking discipline incurs the risk of deadlock.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9028 | Deadlock | Default Graph (primary)9001 |
| ParentOf | Is Issue | 667 | Shared Resource Improper Locking | Quality Issues Organized by Practices (primary)9002 |
Loop Condition Value Update within the Loop |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9190 | Maturity: Preliminary |
DescriptionDescription Summary
The software uses a loop with a control flow condition based on a value that is updated within the body of the loop.
Extended Description
This pattern identifies situations where the value of the local storable data element used in the condition of the loop control flow of code is updated within the Write action located in the loop body block.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9141 | Excessive Propagation of Modification Impacts | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM-MNT-5 |
References"Automated Source Code Maintainability Measure
(ASCMM)". ASCMM-MNT-5. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCMM/1.0>. |
Loop with Unreachable Exit Condition ('Infinite Loop') |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 835 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the named callable control element or method control element features the execution path whose entry element is found again in the path, while it has no path whatsoever to not return to itself and exit the recursion.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9083 | Iteration Control | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9143 | Failure | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9177 | Resource Exhaustion | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCSM | 1 | ASCSM-CWE-835 |
| CWE | 2.11 | 835 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-835. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
Loss of Data Integrity |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9038 | Maturity: Preliminary |
DescriptionDescription Summary
Loss of Data Integrity may result when accuracy and consistency of data degrades over its life-cycle, or when unexpectedly exposed to unauthorized actors.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 120 | Buffer Copy without Checking Size of Input | Default Graph (primary)9001 |
| CanFollow | Is Issue | 129 | Array Index Improper Input Neutralization | Default Graph (primary)9001 |
| CanFollow | Is Issue | 789 | Uncontrolled Memory Allocation | Default Graph (primary)9001 |
Maintainability |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9034 | Maturity: Preliminary |
DescriptionDescription Summary
Maintainability is a Quality_Characteristic describing the effort required to modify an entity.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ParentOf | Is Issue | 9007 | Architecture with Number of Horizontal Layers Outside of Expected Range | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9011 | Use of Redundant Code | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9012 | Analyzability | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9024 | Callable and Method Control Element Number of Outward Calls | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9029 | Changeability/Modifiability | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9046 | Excessive Use of Hard-Coded Literals in Initialization | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9052 | Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9055 | Reusability | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9060 | Multiple Inheritance from Concrete Classes | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9064 | Modularity | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9073 | Incomplete Documentation | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9079 | Unreachable Invokable Control Element | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9093 | Invokable Control Element with Signature Containing an Excessive Number of Parameters | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9123 | Class with an Excessive Inheritance Level | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9134 | Unconditional Control Flow Transfer outside of Switch Block | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9135 | Insufficient Adherence to Conventions | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9151 | Source Code File with Excessive Number of Lines of Code | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9153 | Data Element Declared Public | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9160 | Invokable Control Element with Excessive File or Data Access Operations | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9161 | Excessive Volume of Commented-out Code | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9165 | Class with Excessive Number of Child Classes | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9174 | Usability | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9181 | Method Containing Access of a Member Element from Another Class | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9184 | Use of Same Invokable Control Element in Multiple Architectural Layers | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9185 | Excessive Cyclomatic Complexity Within an Invokable Control Element | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9190 | Loop Condition Value Update within the Loop | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9201 | Insufficient Isolation of System-Dependent Functions | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9202 | Reliance on Runtime Component in Generated Code | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9203 | Reliance on Machine-Dependent Data Representation | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9204 | Use of Platform-Dependent Third Party Components | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9205 | Use of Unmaintained Third Party Components | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9206 | Insufficient Encapsulation of Machine-Dependent Functionality | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9207 | Insufficient Use of Symbolic Constants | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9208 | Insufficient Isolation of Symbolic Constant Definitions | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9209 | Excessive Reliance on Global Variables | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9210 | Use of Same Variable for Multiple Purposes | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9217 | Use of Inaccurate Comments | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9218 | Callable with Insufficient Behavioral Summary | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9220 | Excessive Use of Unconditional Branching | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9221 | Excessive Code Complexity | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9223 | Excessive Halstead Complexity | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9224 | Excessive Use of Self-Modifying Code | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9225 | Excessively Deep Nesting | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9227 | Declaration of Variable with Unnecessarily Wide Scope | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9228 | Compilation with Insufficient Warnings or Errors | Default Graph (primary)9001 |
| MemberOf | Vi View | 9001 | Default Graph | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM_Maintainability |
Math Error |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9146 | Maturity: Preliminary |
DescriptionDescription Summary
A Math Error may result when incorrect parameters are supplied to a mathematical function, the programming logic is incorrect in some way, or improper implementation of algorithms cause casting errors, precision errors, or other algorithmic errors.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 681 | Numeric Types Incorrect Conversion | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9085 | Numerical Conversion | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9170 | Initialization Practices | Default Graph (primary)9001 |
Maturity |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9114 | Maturity: Preliminary |
DescriptionDescription Summary
Maturity is a Quality_Characteristic describing how well an entity's behaviors can reliably and sustainably produce required outcomes.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
Memory Corruption |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9022 | Maturity: Preliminary |
DescriptionDescription Summary
Memory Corruption may result when array index bounds are not adhered to, or memory addresses are written to or modified directly.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 120 | Buffer Copy without Checking Size of Input | Default Graph (primary)9001 |
| CanFollow | Is Issue | 789 | Uncontrolled Memory Allocation | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9049 | Array Indexing | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9078 | Memory Management | Default Graph (primary)9001 |
Memory Location Access After End of Buffer |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 788 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the value element is transformed throughout the application along the sequence composed of ActionElements with DataRelations relations, some of which being part of named callable and method control elements, and ultimately used as an index element to access a storable or member data element in the buffer Read or Write access action; none of the callable or method control element of the transformation sequence being a range check with regards to the buffer whose maximum size was defined in the buffer creation action.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9144 | Resource Monitoring | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9177 | Resource Exhaustion | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-CWE-788 |
| CWE | 2.11 | 788 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-CWE-788. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Memory Management |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9078 | Maturity: Preliminary |
DescriptionDescription Summary
Memory Management
Extended Description
When software does not properly manage memory, it can consume more memory than is necessary or incur the risk of corruption of relevant memory - and perhaps instructions - possibly leading to a crash, the risk of data integrity loss, and the risk of unauthorized access to sensitive data.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9022 | Memory Corruption | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9054 | Data Corruption | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9143 | Failure | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary)9001 |
| ParentOf | Is Issue | 120 | Buffer Copy without Checking Size of Input | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 789 | Uncontrolled Memory Allocation | Quality Issues Organized by Practices (primary)9002 |
| MemberOf | Vi View | 9002 | Quality Issues Organized by Practices | Quality Issues Organized by Practices (primary)9002 |
Method Containing Access of a Member Element from Another Class |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9181 | Maturity: Preliminary |
DescriptionDescription Summary
A method for a class performs an operation that directly accesses a member element from another class.
Extended Description
This pattern identifies situations where the method control element from a class element accesses the member element from another class element.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9104 | Data Encapsulation | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9054 | Data Corruption | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM-MNT-16 |
References"Automated Source Code Maintainability Measure
(ASCMM)". ASCMM-MNT-16. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCMM/1.0>. |
Missing Design Representation Documentation |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9050 | Maturity: Preliminary |
DescriptionDescription Summary
The documentation does not contain a representation of the product's design.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Is Issue | 9073 | Incomplete Documentation | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 1.1 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Missing Release of Resource after Effective Lifetime |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 772 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the platform resource is allocated and assigned a unique resource handler value via the ManagesResource action, its unique resource handler value is used throughout the application, along the sequence composed of ActionElements with DataRelations relations, some of which being part of named callable and method control elements, none of which being a resource release statement.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9080 | Resource Lifecycle | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Pr Practice | 9094 | Resource Bounds | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9031 | Denial of Service | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9143 | Failure | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9177 | Resource Exhaustion | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-CWE-772 |
| ASCSM | 1 | ASCSM-CWE-772 |
| CWE | 2.11 | 772 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-772. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-CWE-772. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Missing Serialization Control Element |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9102 | Maturity: Preliminary |
DescriptionDescription Summary
The software contains a serializable data element that does not have an associated serialization method.
Extended Description
This pattern identifies situations where the serializable storable element has no serialization control element in its list of control elements. In case of technologies with class and interface elements, this means situations where the serializable storable element is a class that implements a serializable interface element but does not implement a serialization method element as part of its list composed of method elements. The serializable nature of the element is technology dependent. As examples, serializable nature comes from a serializable SerializableAttribute attribute in .NET and the inheritance from the java.io.Serializable interface in Java.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9176 | Coding Practices | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9057 | Erroneous Behaviors | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9168 | Unexpected Behaviors | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-RLB-2 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-RLB-2. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Modular Development |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9016 | Maturity: Preliminary |
DescriptionDescription Summary
Modularity
Extended Description
Software that does not follow the principles of modularity causes excessive propagation of modification impacts.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9141 | Excessive Propagation of Modification Impacts | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9018 | Modules with Circular Dependencies | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9024 | Callable and Method Control Element Number of Outward Calls | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9151 | Source Code File with Excessive Number of Lines of Code | Quality Issues Organized by Practices (primary)9002 |
| MemberOf | Vi View | 9002 | Quality Issues Organized by Practices | Quality Issues Organized by Practices (primary)9002 |
Modularity |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9064 | Maturity: Preliminary |
DescriptionDescription Summary
Modularity is a Quality_Characteristic describing the component's ability to be decomposed and matched in other ways (loosely coupled).
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Ch Characteristic | 9074 | Efficiency | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9018 | Modules with Circular Dependencies | Default Graph (primary)9001 |
Modules with Circular Dependencies |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9018 | Maturity: Preliminary |
DescriptionDescription Summary
The software contains modules with circular dependencies.
Extended Description
This pattern identifies situations where the module has references that cycle back to itself via the module callable or data relations cycle. As an example, with Java, this pattern means cycles between packages.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9016 | Modular Development | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9064 | Modularity | Default Graph (primary)9001 |
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9172 | State Protection | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9028 | Deadlock | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9082 | Livelock | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9141 | Excessive Propagation of Modification Impacts | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM-MNT-7 |
| ASCRM | 1 | ASCRM-RLB-13 |
References"Automated Source Code Maintainability Measure
(ASCMM)". ASCMM-MNT-7. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCMM/1.0>. |
"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-RLB-13. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Multiple Inheritance from Concrete Classes |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9060 | Maturity: Preliminary |
DescriptionDescription Summary
The software contains a class with inheritance from more than one concrete class.
Extended Description
This pattern identifies situations where the number of inheritance of concrete classes of the class element is considered as too large, based on its number of inheritance of concrete classes which exceeds the default threshold value of 1.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9157 | Inheritance and Polymorphism | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9113 | Excessive Modification Effort | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM-MNT-2 |
References"Automated Source Code Maintainability Measure
(ASCMM)". ASCMM-MNT-2. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCMM/1.0>. |
Name or Reference Resolution Improper Input Neutralization |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 99 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where an external value is entered into the application through the user interface ReadsUI action, transformed throughout the application along the sequence composed of ActionElements with DataRelations relations, some of which being part of named callable and method control elements, and ultimately used in the platform action to access a resource by its name; none of the callable or method control element of the transformation sequence being a vetted sanitization callable and method control elements from the list of vetted sanitization callable and method control elements.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9127 | Resource Identification Control | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCSM | 1 | ASCSM-CWE-99 |
| CWE | 2.11 | 99 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-99. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
Named Callable and Method Control Element in Multi-Thread Context with non-Final Static Storable or Member Element |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9070 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the named callable control element or method control element owns unsafe non-final static storable or member data element while it operates in a multi-threaded environment.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9172 | State Protection | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9028 | Deadlock | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9082 | Livelock | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-RLB-11 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-RLB-11. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Non-repudiation |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9009 | Maturity: Preliminary |
DescriptionDescription Summary
Non-repudiation is a Quality_Characteristic describing whether data has been verified against its source.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
Non-SQL Named Callable and Method Control Element with Excessive Number of Data Resource Access |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9122 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the client-side named callable and method control elements, not in any data manager resource, embeds a number of accesses to a data resource, which is considered too large because it exceeds the default threshold value of 2.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9167 | Stored Procedures & Functions | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCPEM | 1 | ASCPEM-PRF-10 |
References"Automated Source Code Performance Efficiency
Measure (ASCPEM)". ASCPEM-PRF-10. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCPEM/1.0>. |
Numeric Types Incorrect Conversion |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 681 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the storable element or member element is declared with the numerical datatype in the Create action, then updated with a value which is cast via the type cast action into the second numerical datatype, which is incompatible with the first one.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9085 | Numerical Conversion | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9058 | Security Vulnerabilities | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9146 | Math Error | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCSM | 1 | ASCSM-CWE-681 |
| CWE | 2.11 | 681 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-681. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
Numerical Conversion |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9085 | Maturity: Preliminary |
DescriptionDescription Summary
Numerical Conversion
Extended Description
Software featuring weak numerical conversion practices incurs the risk of using the wrong number and generating incorrect results, possibly introducing new vulnerability when related to resource allocation and security decisions.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9058 | Security Vulnerabilities | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9143 | Failure | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9146 | Math Error | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9177 | Resource Exhaustion | Default Graph (primary)9001 |
| ParentOf | Is Issue | 681 | Numeric Types Incorrect Conversion | Quality Issues Organized by Practices (primary)9002 |
| MemberOf | Vi View | 9002 | Quality Issues Organized by Practices | Quality Issues Organized by Practices (primary)9002 |
Operability |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9015 | Maturity: Preliminary |
DescriptionDescription Summary
Operability is a Quality_Characteristic describing how fit or ready an entity is for use.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9174 | Usability | Default Graph (primary)9001 |
OS Command Execution |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9006 | Maturity: Preliminary |
DescriptionDescription Summary
OS Command Control
Extended Description
Software unaware of OS command control incurs the risk of unauthorized command execution, possibly used to disable the software, or possibly leading to unauthorized read and modify data access.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9030 | Unauthorized Code Execution | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9030 | Unauthorized Code Execution | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9143 | Failure | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary)9001 |
| ParentOf | Is Issue | 78 | OS Command Injection Improper Input Neutralization | Quality Issues Organized by Practices (primary)9002 |
OS Command Injection Improper Input Neutralization |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 78 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where an external value is entered into the application through the user interface ReadsUI action, transformed throughout the application along the sequence composed of ActionElements with DataRelations relations, some of which being part of named callable and method control elements, and ultimately used in the platform action to be executed by the execution environment; none of the callable or method control element of the transformation sequence being a vetted sanitization callable and method control element from the list of vetted sanitization callable and method control elements.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9006 | OS Command Execution | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9030 | Unauthorized Code Execution | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCSM | 1 | ASCSM-CWE-78 |
| CWE | 2.11 | 78 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-78. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
Output Formatting Control |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9129 | Maturity: Preliminary |
DescriptionDescription Summary
Formatting Control
Extended Description
Software that is unaware of formatting control incurs the risk of execution of arbitrary code, excessive memory or disk consumption, or the risk of information disclosure, which can severely simplify exploitation of the software.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9017 | Arbitrary Code Execution | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9058 | Security Vulnerabilities | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9189 | Information Disclosure | Default Graph (primary)9001 |
| ParentOf | Is Issue | 134 | Format String Improper Input Neutralization | Quality Issues Organized by Practices (primary)9002 |
Output Generation |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9097 | Maturity: Preliminary |
DescriptionDescription Summary
Output Generation
Extended Description
Software featuring weak output generation practices incurs the risk of arbitrary code execution, the risk of sensitive data being compromised, and many other nefarious consequences.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9017 | Arbitrary Code Execution | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary)9001 |
| ParentOf | Is Issue | 79 | Cross-site Scripting Improper Input Neutralization | Quality Issues Organized by Practices (primary)9002 |
Parent Class Element with References to Child Class Element |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9087 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the parent class element that is used in the 'to' association of the Extends class relation, references the child class element used in the 'from' association of the Extends class relation, directly or indirectly through parent and child class element, with the callable or data relations. The reference statement is made directly to the child class element or to any one of its own method or member elements.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9157 | Inheritance and Polymorphism | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9168 | Unexpected Behaviors | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-RLB-14 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-RLB-14. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Parent Class Element without Virtual Destructor Method Element |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9147 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where, with languages where custom destructors can be written, the parent class element of the child class element via an Extends class relation has no virtual destructor.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9157 | Inheritance and Polymorphism | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9168 | Unexpected Behaviors | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-RLB-16 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-RLB-16. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Path Traversal Improper Input Neutralization |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 22 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where an external value is entered into the application through the user interface ReadsUI action, transformed throughout the application along the sequence composed of ActionElements with DataRelations relations, some of which being part of named callable and method control elements, and ultimately used in the file path creation statement; none of the callable or method control element of the transformation sequence being a vetted sanitization callable and method control element from the list of vetted sanitization control elements.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9183 | File Path Control | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9054 | Data Corruption | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCSM | 1 | ASCSM-CWE-22 |
| CWE | 2.11 | 22 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-22. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
Perceived Value |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9150 | Maturity: Preliminary |
DescriptionDescription Summary
Perceived Value is a Quality_Characteristic describing cost to benefit analysis when compared to a similar entity.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9091 | Functionality | Default Graph (primary)9001 |
Performance |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9169 | Maturity: Preliminary |
DescriptionDescription Summary
Performance is a Quality_Characteristic describing how an entity executes its required functions.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ParentOf | Is Issue | 9004 | Static Member Data Element outside of a Singleton Class Element | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9005 | Data Element Aggregating an Excessively Large Number of Non-Primitive Elements | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9014 | Creation of Immutable Text Using String Concatenation | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9027 | Excessive Data Query Operations in a Large Data Table | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9041 | Excessive Platform Resource Consumption within a Loop | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9069 | Data Access Operations Outside of Expected Data Manager Component | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9074 | Efficiency | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9077 | Excessive Number of Data Accesses using Inefficient Procedures | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9090 | Initialization within a Static Code Block | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9091 | Functionality | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9092 | Availability | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9103 | Excessive Execution of Sequential Searches of Data Resource | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9112 | Allocation of Memory without Associated Release | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9116 | Data Resource Access without Use of Connection Pooling | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9122 | Non-SQL Named Callable and Method Control Element with Excessive Number of Data Resource Access | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9163 | Robustness | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9175 | Excessive Number of Indices for a Large Data Table | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9182 | Use of Data Element without Invoking Deconstructor Method | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9186 | Durability | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9187 | Excessive Index Range Scan for a Data Resource | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9188 | Co-existence | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9195 | Stability | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9221 | Excessive Code Complexity | Default Graph (primary)9001 |
| MemberOf | Vi View | 9001 | Default Graph | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCPEM | 1 | ASCPEM_Performance_Efficiency |
Persistent Storable Data Element without Associated Comparison Control Element |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9193 | Maturity: Preliminary |
DescriptionDescription Summary
The software uses a storable data element that does not have all of the associated control elements that are necessary to support comparison.
Extended Description
This pattern identifies situations where the persistent storable element has no dedicated control element aiming at handling comparison action elements from the list. In case of technologies with class elements, this means situations where the persistent storable element is a class that is made persistent while it does not implement method elements from the required comparison control element list is now composed of method elements. As an example, with Java, a required comparison control element list is {'hashCode()','equals()'} method elements.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9176 | Coding Practices | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9057 | Erroneous Behaviors | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9168 | Unexpected Behaviors | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-RLB-4 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-RLB-4. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Poisoned Data Usage |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9154 | Maturity: Preliminary |
Description
Description Summary
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 252 | Unchecked Return Parameter Value of Invokable Control Element with Read, Write, and Manage Access to Platform or Data Resource | Default Graph (primary)9001 |
| CanFollow | Is Issue | 396 | Declaration of Catch for Generic Exception | Default Graph (primary)9001 |
| CanFollow | Is Issue | 397 | Declaration of Throws for Generic Exception | Default Graph (primary)9001 |
Portability |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9048 | Maturity: Preliminary |
DescriptionDescription Summary
Portability is a Quality_Characteristic describing the effort required to adapt or translate to other environments.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9091 | Functionality | Default Graph (primary)9001 |
Recoverability |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9117 | Maturity: Preliminary |
DescriptionDescription Summary
Recoverability is a Quality_Characteristic describing how easily an entity returns to a desired state from unexpected situations.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9051 | Replaceability | Default Graph (primary)9001 |
Recursion |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9061 | Maturity: Preliminary |
DescriptionDescription Summary
Recursion
Extended Description
Software that is unaware of recursion incurs the risk of exceeding resource and capacity limits.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9083 | Iteration Control | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9177 | Resource Exhaustion | Default Graph (primary)9001 |
| ParentOf | Is Issue | 674 | Uncontrolled Recursion | Quality Issues Organized by Practices (primary)9002 |
Reduced Adaptability |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9132 | Maturity: Preliminary |
DescriptionDescription Summary
Adaptability may be reduced if variables are initialized or defined by hard-coded or set values embedded within the code.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 9046 | Excessive Use of Hard-Coded Literals in Initialization | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9142 | Hard-Coding | Default Graph (primary)9001 |
Reliability |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9120 | Maturity: Preliminary |
DescriptionDescription Summary
Reliability is a Quality_Characteristic describing how dependably an entity performs.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
| ParentOf | Is Issue | 120 | Buffer Copy without Checking Size of Input | Default Graph (primary)9001 |
| ParentOf | Is Issue | 252 | Unchecked Return Parameter Value of Invokable Control Element with Read, Write, and Manage Access to Platform or Data Resource | Default Graph (primary)9001 |
| ParentOf | Is Issue | 396 | Declaration of Catch for Generic Exception | Default Graph (primary)9001 |
| ParentOf | Is Issue | 397 | Declaration of Throws for Generic Exception | Default Graph (primary)9001 |
| ParentOf | Is Issue | 456 | Storable and Member Data Element Missing Initialization | Default Graph (primary)9001 |
| ParentOf | Is Issue | 674 | Uncontrolled Recursion | Default Graph (primary)9001 |
| ParentOf | Is Issue | 704 | Incorrect Type Conversion or Cast | Default Graph (primary)9001 |
| ParentOf | Is Issue | 772 | Missing Release of Resource after Effective Lifetime | Default Graph (primary)9001 |
| ParentOf | Is Issue | 788 | Memory Location Access After End of Buffer | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9008 | Accuracy | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9013 | Child Class Element without Virtual Destructor unlike its Parent Class Element | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9018 | Modules with Circular Dependencies | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9042 | Initialization with Hard-Coded Network Resource Configuration Data | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9053 | Accountability | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9062 | Invokable Control Element with Variadic Parameter Element | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9070 | Named Callable and Method Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9087 | Parent Class Element with References to Child Class Element | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9100 | Runtime Resource Management Control Element in a Component Built to Run on Application Servers | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9102 | Missing Serialization Control Element | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9108 | Empty Exception Block | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9110 | Serializable Data Element Containing non-Serializable Item Elements | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9114 | Maturity | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9117 | Recoverability | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9138 | Float Type Storable and Member Data Element Comparison with Equality Operator | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9147 | Parent Class Element without Virtual Destructor Method Element | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9156 | Class Instance Self Destruction Control Element | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9159 | Data Access Control Element from Outside Designated Data Manager Component | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9163 | Robustness | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9166 | Class Element with Virtual Method Element without Virtual Destructor | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9173 | Synchronous Call Time-Out Absence | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9188 | Co-existence | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9192 | Singleton Class Instance Creation without Proper Lock Element Management | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9193 | Persistent Storable Data Element without Associated Comparison Control Element | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9194 | Storable or Member Data Element containing Pointer Item Element without Proper Copy Control Element | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9195 | Stability | Default Graph (primary)9001 |
| MemberOf | Vi View | 9001 | Default Graph | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM_Reliability |
Reliance on Machine-Dependent Data Representation |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9203 | Maturity: Preliminary |
DescriptionDescription Summary
The code uses a data representation that relies on low-level data representation or constructs that may vary across different processors, physical machines, OSes, or other physical components.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 2.7 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Reliance on Runtime Component in Generated Code |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9202 | Maturity: Preliminary |
DescriptionDescription Summary
The product uses automatically-generated code that cannot be executed without a specific runtime support component.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 2.6 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Remote System Call Blocking |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9026 | Maturity: Preliminary |
DescriptionDescription Summary
Remote System Call Blocking
Extended Description
Software featuring blocking calls to remote systems incurs the risk of its own failure when the remote systems fails to process the call correctly.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9143 | Failure | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9173 | Synchronous Call Time-Out Absence | Quality Issues Organized by Practices (primary)9002 |
Replaceability |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9051 | Maturity: Preliminary |
DescriptionDescription Summary
Replaceability is a Quality_Characteristic describing how easily an element can be exchanged in a given environment.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9117 | Recoverability | Default Graph (primary)9001 |
Resource Bounds |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9094 | Maturity: Preliminary |
DescriptionDescription Summary
Resource Bounds
Extended Description
Software that is unaware of resource bounds or fails to monitor resources incurs the risk of exceeding resource and capacity limits.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9177 | Resource Exhaustion | Default Graph (primary)9001 |
| ParentOf | Is Issue | 772 | Missing Release of Resource after Effective Lifetime | Quality Issues Organized by Practices (primary)9002 |
Resource Exhaustion |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9177 | Maturity: Preliminary |
DescriptionDescription Summary
Resource Exhaustion may result when a specific resource is expended and/or not replaced and remains unavailable.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 606 | Unchecked Input for Loop Condition | Default Graph (primary)9001 |
| CanFollow | Is Issue | 674 | Uncontrolled Recursion | Default Graph (primary)9001 |
| CanFollow | Is Issue | 772 | Missing Release of Resource after Effective Lifetime | Default Graph (primary)9001 |
| CanFollow | Is Issue | 788 | Memory Location Access After End of Buffer | Default Graph (primary)9001 |
| CanFollow | Is Issue | 835 | Loop with Unreachable Exit Condition ('Infinite Loop') | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9061 | Recursion | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9080 | Resource Lifecycle | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9083 | Iteration Control | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9085 | Numerical Conversion | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9094 | Resource Bounds | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9144 | Resource Monitoring | Default Graph (primary)9001 |
Resource Identification Control |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9127 | Maturity: Preliminary |
DescriptionDescription Summary
Resource Identification Control
Extended Description
Software unaware of resource identification control incurs the risk of unauthorized access to or modification of sensitive data and system resources, including configuration files and files containing sensitive information.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9037 | Resource Management | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary)9001 |
| ParentOf | Is Issue | 99 | Name or Reference Resolution Improper Input Neutralization | Quality Issues Organized by Practices (primary)9002 |
Resource Lifecycle |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9080 | Maturity: Preliminary |
DescriptionDescription Summary
Resource Lifecycle
Extended Description
Software unaware of resource lifecycle incurs the risk of preventing all other processes from accessing the same type of resource.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9037 | Resource Management | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9177 | Resource Exhaustion | Default Graph (primary)9001 |
| ParentOf | Is Issue | 672 | Expired or Released Resource Usage | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 772 | Missing Release of Resource after Effective Lifetime | Quality Issues Organized by Practices (primary)9002 |
Resource Monitoring |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9144 | Maturity: Preliminary |
DescriptionDescription Summary
Resource Monitoring
Extended Description
Software that is unaware of resource bounds or fails to monitor resources incurs the risk of exceeding resource and capacity limits.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9037 | Resource Management | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9177 | Resource Exhaustion | Default Graph (primary)9001 |
| ParentOf | Is Issue | 788 | Memory Location Access After End of Buffer | Quality Issues Organized by Practices (primary)9002 |
Reusability |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9055 | Maturity: Preliminary |
DescriptionDescription Summary
Reusability is a Quality_Characteristic describing how efficiently an entity can be used in new applications.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Ch Characteristic | 9074 | Efficiency | Default Graph (primary)9001 |
| ParentOf | Pr Practice | 9088 | Reuse | Default Graph (primary)9001 |
Reuse |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9088 | Maturity: Preliminary |
DescriptionDescription Summary
Reuse
Extended Description
Software that does not follow the principles of reuse requires more maintenance effort in order to propagate changes to all instances of duplicated code.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9055 | Reusability | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9113 | Excessive Modification Effort | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9011 | Use of Redundant Code | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9079 | Unreachable Invokable Control Element | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Pr Practice | 9157 | Inheritance and Polymorphism | Quality Issues Organized by Practices (primary)9002 |
| MemberOf | Vi View | 9002 | Quality Issues Organized by Practices | Quality Issues Organized by Practices (primary)9002 |
Robustness |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9163 | Maturity: Preliminary |
DescriptionDescription Summary
Robustness is a Quality_Characteristic describing how well an entity can perform given unexpected situations.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
Runtime Resource Management Control Element in a Component Built to Run on Application Servers |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9100 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the application uses deployed component from the platform deployed component list, yet uses control elements from the list of low-level resource management API.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9176 | Coding Practices | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9057 | Erroneous Behaviors | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9168 | Unexpected Behaviors | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-RLB-5 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-RLB-5. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Security |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9115 | Maturity: Preliminary |
DescriptionDescription Summary
A Quality_Characteristic describing safeguarding sensitive data from unintended actors.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9091 | Functionality | Default Graph (primary)9001 |
| ParentOf | Is Issue | 22 | Path Traversal Improper Input Neutralization | Default Graph (primary)9001 |
| ParentOf | Is Issue | 78 | OS Command Injection Improper Input Neutralization | Default Graph (primary)9001 |
| ParentOf | Is Issue | 79 | Cross-site Scripting Improper Input Neutralization | Default Graph (primary)9001 |
| ParentOf | Is Issue | 89 | SQL Injection Improper Input Neutralization | Default Graph (primary)9001 |
| ParentOf | Is Issue | 99 | Name or Reference Resolution Improper Input Neutralization | Default Graph (primary)9001 |
| ParentOf | Is Issue | 120 | Buffer Copy without Checking Size of Input | Default Graph (primary)9001 |
| ParentOf | Is Issue | 129 | Array Index Improper Input Neutralization | Default Graph (primary)9001 |
| ParentOf | Is Issue | 134 | Format String Improper Input Neutralization | Default Graph (primary)9001 |
| ParentOf | Is Issue | 252 | Unchecked Return Parameter Value of Invokable Control Element with Read, Write, and Manage Access to Platform or Data Resource | Default Graph (primary)9001 |
| ParentOf | Is Issue | 327 | Broken or Risky Cryptographic Algorithm Usage | Default Graph (primary)9001 |
| ParentOf | Is Issue | 396 | Declaration of Catch for Generic Exception | Default Graph (primary)9001 |
| ParentOf | Is Issue | 397 | Declaration of Throws for Generic Exception | Default Graph (primary)9001 |
| ParentOf | Is Issue | 434 | File Upload Improper Input Neutralization | Default Graph (primary)9001 |
| ParentOf | Is Issue | 456 | Storable and Member Data Element Missing Initialization | Default Graph (primary)9001 |
| ParentOf | Is Issue | 606 | Unchecked Input for Loop Condition | Default Graph (primary)9001 |
| ParentOf | Is Issue | 667 | Shared Resource Improper Locking | Default Graph (primary)9001 |
| ParentOf | Is Issue | 672 | Expired or Released Resource Usage | Default Graph (primary)9001 |
| ParentOf | Is Issue | 681 | Numeric Types Incorrect Conversion | Default Graph (primary)9001 |
| ParentOf | Is Issue | 772 | Missing Release of Resource after Effective Lifetime | Default Graph (primary)9001 |
| ParentOf | Is Issue | 789 | Uncontrolled Memory Allocation | Default Graph (primary)9001 |
| ParentOf | Is Issue | 798 | Hard-Coded Credentials Usage for Remote Authentication | Default Graph (primary)9001 |
| ParentOf | Is Issue | 835 | Loop with Unreachable Exit Condition ('Infinite Loop') | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9009 | Non-repudiation | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9025 | Confidentiality | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9098 | Compliance | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9099 | Structuredness | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9133 | Authentication | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9148 | Integrity | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9226 | Excessive Attack Surface | Default Graph (primary)9001 |
| MemberOf | Vi View | 9001 | Default Graph | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCSM | 1 | ASCSM_Security |
Security Vulnerabilities |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9058 | Maturity: Preliminary |
DescriptionDescription Summary
Security Vulnerabilities are a class of Consequences that includes any security-sensitive context that allows for code to perform outside of expected parameters.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 456 | Storable and Member Data Element Missing Initialization | Default Graph (primary)9001 |
| CanFollow | Is Issue | 681 | Numeric Types Incorrect Conversion | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9085 | Numerical Conversion | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9129 | Output Formatting Control | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9170 | Initialization Practices | Default Graph (primary)9001 |
Self-Containedness |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9128 | Maturity: Preliminary |
DescriptionDescription Summary
Self-Containedness is a Quality_Characteristic describing how well an element operates independently.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9091 | Functionality | Default Graph (primary)9001 |
Serializable Data Element Containing non-Serializable Item Elements |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9110 | Maturity: Preliminary |
DescriptionDescription Summary
The software contains a serializable, storable data element, but the data element contains item elements that are not serializable.
Extended Description
This pattern identifies situations where the serializable storable element is composed of the non-serializable item element. In case of technologies with class and interface elements, this means situations where the serializable storage element is a class that is serializable but owns a non-Serializable member element. The serializable nature of the element is technology dependent. As examples, serializable nature comes from a serializable SerializableAttribute attribute in .NET and the inheritance from the java.io.Serializable interface in Java.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9176 | Coding Practices | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9057 | Erroneous Behaviors | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9168 | Unexpected Behaviors | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-RLB-3 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-RLB-3. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Shared Resource Improper Locking |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 667 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the shared storable data element or member data element, declared with the Create action, is accessed outside a critical section of the application via the Read or Write action. The critical nature of the section is technology and platform dependent. As examples, in C/C++, critical nature comes from the use of 'mtx_lock' and 'mtx_unlock' from the 'threads.h' standard C language API, or from the use of 'pthread_mutex_lock' and 'pthread_mutex_unlock' from the 'pthreads.h' C/C++ POSIX API, or from the use of 'EnterCriticalSection' and 'LeaveCriticalSection' from the 'windows.h' C/C++ Win32 API. As other examples, in Java, critical nature comes from the use of the 'synchronized' keyword, and in C#, critical nature comes from the use of the 'lock' keyword.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9178 | Locking | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9028 | Deadlock | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCSM | 1 | ASCSM-CWE-667 |
| CWE | 2.11 | 667 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-667. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
Singleton Class Instance Creation without Proper Lock Element Management |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9192 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the singleton class element, that is, a class element that can be used only once in the 'to' association of a Create action, is instantiated with the Creates action element without any prior locking mechanism activation.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9172 | State Protection | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9028 | Deadlock | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9082 | Livelock | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-RLB-12 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-RLB-12. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Source Code Element without Standard Prologue |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9216 | Maturity: Preliminary |
DescriptionDescription Summary
The source code contains elements such as source files or callables that do not consistently follow a prologue or header that has been standardized for the project.
Extended Description
The lack of a prologue can make it more difficult to accurately and quickly understand the associated code. Standard prologues or headers may contain information such as module name, version number, author, date, purpose, function, assumptions, limitations, accuracy considerations, etc.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9012 | Analyzability | Default Graph (primary)9001 |
| ChildOf | Is Issue | 9135 | Insufficient Adherence to Conventions | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 5.1 | |
| SQAE | 5.2 | |
| SQAE | 5.3 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Source Code File with Excessive Number of Lines of Code |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9151 | Maturity: Preliminary |
DescriptionDescription Summary
A source code file has too many lines of code.
Extended Description
This pattern identifies situations where the file has too many lines of code, based on its number of lines of code which exceeds the default threshold value of 1000.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9016 | Modular Development | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9141 | Excessive Propagation of Modification Impacts | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM-MNT-8 |
References"Automated Source Code Maintainability Measure
(ASCMM)". ASCMM-MNT-8. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCMM/1.0>. |
SQL Command Execution |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9003 | Maturity: Preliminary |
DescriptionDescription Summary
SQL Command Control
Extended Description
Software unaware of SQL command control incurs the risk of unauthorized read, modify, and delete access to sensitive data.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary)9001 |
| ParentOf | Is Issue | 89 | SQL Injection Improper Input Neutralization | Quality Issues Organized by Practices (primary)9002 |
SQL Injection Improper Input Neutralization |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 89 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where an external value is entered into the application through the user interface ReadsUI action, transformed throughout the application along the sequence composed of ActionElements with DataRelations relations, some of which being part of named callable and method control elements, and ultimately used in the SQL compilation statement; none of the callable or method control element of the transformation sequence being a vetted sanitization callable and method control elements from the list of vetted sanitization control elements.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9003 | SQL Command Execution | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCSM | 1 | ASCSM-CWE-89 |
| CWE | 2.11 | 89 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-89. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
Stability |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9195 | Maturity: Preliminary |
DescriptionDescription Summary
Stability is a Quality_Characteristic describing how well an entity can reliably perform over a period of time.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
State Protection |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9172 | Maturity: Preliminary |
DescriptionDescription Summary
State Protection
Extended Description
Software deployed in multi-thread environments that does not protect their state can experience deadlock or livelock.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9028 | Deadlock | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9082 | Livelock | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9018 | Modules with Circular Dependencies | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9070 | Named Callable and Method Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9192 | Singleton Class Instance Creation without Proper Lock Element Management | Quality Issues Organized by Practices (primary)9002 |
Static Member Data Element outside of a Singleton Class Element |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9004 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the static member element is declared as static but its parent class element is not a singleton class, that is, a class element that can be used only once in the 'to' association of a Create action; it does not take into account final static fields.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9176 | Coding Practices | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCPEM | 1 | ASCPEM-PRF-3 |
References"Automated Source Code Performance Efficiency
Measure (ASCPEM)". ASCPEM-PRF-3. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCPEM/1.0>. |
Storable and Member Data Element Missing Initialization |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 456 | Maturity: Preliminary |
DescriptionDescription Summary
The software contains a storable or member data element that is not initialized before it is used.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9170 | Initialization Practices | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Pr Practice | 9176 | Coding Practices | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9057 | Erroneous Behaviors | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9058 | Security Vulnerabilities | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9168 | Unexpected Behaviors | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-CWE-456 |
| ASCSM | 1 | ASCSM-CWE-456 |
| CWE | 2.11 | 456 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-CWE-456. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-456. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
Storable or Member Data Element containing Pointer Item Element without Proper Copy Control Element |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9194 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the storable data element or member data element contains the child pointer data element but has no dedicated copy operation or copy constructor element.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9176 | Coding Practices | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9057 | Erroneous Behaviors | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9168 | Unexpected Behaviors | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-RLB-6 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-RLB-6. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Stored Procedures & Functions |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9167 | Maturity: Preliminary |
DescriptionDescription Summary
Stored Procedures and Functions
Extended Description
Software that does not leverage database capabilities to efficiently run data processing (such as stored procedures and functions) requires excessive computational resources.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9077 | Excessive Number of Data Accesses using Inefficient Procedures | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9122 | Non-SQL Named Callable and Method Control Element with Excessive Number of Data Resource Access | Quality Issues Organized by Practices (primary)9002 |
Structured Programming |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9121 | Maturity: Preliminary |
DescriptionDescription Summary
Structured Programming
Extended Description
Software that does not follow the principles of structured programming degrades comprehensibility.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9134 | Unconditional Control Flow Transfer outside of Switch Block | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9185 | Excessive Cyclomatic Complexity Within an Invokable Control Element | Quality Issues Organized by Practices (primary)9002 |
| ParentOf | Is Issue | 9220 | Excessive Use of Unconditional Branching | Quality Issues Organized by Practices (primary)9002 |
Structuredness |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9099 | Maturity: Preliminary |
DescriptionDescription Summary
Structuredness is a Quality_Characteristic describing how well an entity conforms to a given arrangement or partition.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9091 | Functionality | Default Graph (primary)9001 |
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9065 | Consistency | Default Graph (primary)9001 |
Suitability |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9119 | Maturity: Preliminary |
DescriptionDescription Summary
Suitability is a Quality_Characteristic describing how well an entity meets objectives and requirements for a situation.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9091 | Functionality | Default Graph (primary)9001 |
Synchronous Call Time-Out Absence |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9173 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the synchronous call instruction is initiated but the time-out argument is not set or set to infinite time.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9026 | Remote System Call Blocking | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9143 | Failure | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-RLB-19 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-RLB-19. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Unauthorized Access to Sensitive Information |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9152 | Maturity: Preliminary |
DescriptionDescription Summary
Unauthorized Access to Sensitive Information may result when improper access controls are implemented, resulting in data leaks or unauthorized parties accessing information.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 22 | Path Traversal Improper Input Neutralization | Default Graph (primary)9001 |
| CanFollow | Is Issue | 79 | Cross-site Scripting Improper Input Neutralization | Default Graph (primary)9001 |
| CanFollow | Is Issue | 89 | SQL Injection Improper Input Neutralization | Default Graph (primary)9001 |
| CanFollow | Is Issue | 99 | Name or Reference Resolution Improper Input Neutralization | Default Graph (primary)9001 |
| CanFollow | Is Issue | 120 | Buffer Copy without Checking Size of Input | Default Graph (primary)9001 |
| CanFollow | Is Issue | 129 | Array Index Improper Input Neutralization | Default Graph (primary)9001 |
| CanFollow | Is Issue | 327 | Broken or Risky Cryptographic Algorithm Usage | Default Graph (primary)9001 |
| CanFollow | Is Issue | 672 | Expired or Released Resource Usage | Default Graph (primary)9001 |
| CanFollow | Is Issue | 772 | Missing Release of Resource after Effective Lifetime | Default Graph (primary)9001 |
| CanFollow | Is Issue | 789 | Uncontrolled Memory Allocation | Default Graph (primary)9001 |
| CanFollow | Is Issue | 798 | Hard-Coded Credentials Usage for Remote Authentication | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9003 | SQL Command Execution | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9006 | OS Command Execution | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9049 | Array Indexing | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9063 | Authentication Practices | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9078 | Memory Management | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9097 | Output Generation | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9127 | Resource Identification Control | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9136 | Cryptography | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9183 | File Path Control | Default Graph (primary)9001 |
Unauthorized Code Execution |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9030 | Maturity: Preliminary |
DescriptionDescription Summary
Unauthorized Code Execution may result when improper access controls are implemented, resulting in code being executed by unprivileged actors.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanFollow | Is Issue | 78 | OS Command Injection Improper Input Neutralization | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9006 | OS Command Execution | Default Graph (primary)9001 |
| CanFollow | Pr Practice | 9006 | OS Command Execution | Default Graph (primary)9001 |
Unchecked Input for Loop Condition |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 606 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where an external value is entered into the application through the user interface ReadsUI action, transformed throughout the application along the sequence composed of ActionElements with DataRelations relations, some of which being part of named callable and method control elements, and ultimately used in the loop condition statement; none of the callable or method control element of the transformation sequence being a range check control element
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9083 | Iteration Control | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9143 | Failure | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9177 | Resource Exhaustion | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCSM | 1 | ASCSM-CWE-606 |
| CWE | 2.11 | 606 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-606. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
Unchecked Return Parameter Value of Invokable Control Element with Read, Write, and Manage Access to Platform or Data Resource |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 252 | Maturity: Preliminary |
DescriptionDescription Summary
A named callable control element or method control element performs an action that reads, writes, or manages access to a data or platform resource, but it does not check the return parameter from the action.
Extended Description
For data resources managed using SQL, this pattern identifies situations where the invokable control element executes a CRUD SQL statement with the execute SQL statement action, yet the value of the return parameter from the action is not used by any check control element.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9010 | Execution Status Control | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9131 | Error/Exception Handling | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Pr Practice | 9176 | Coding Practices | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9057 | Erroneous Behaviors | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9154 | Poisoned Data Usage | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9168 | Unexpected Behaviors | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-CWE-252-data |
| ASCRM | 1 | ASCRM-CWE-252-resource |
| ASCSM | 1 | ASCSM-CWE-252 |
| CWE | 2.11 | 252 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-252-resource. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-CWE-252-resource. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-CWE-252-data. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Unconditional Control Flow Transfer outside of Switch Block |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9134 | Maturity: Preliminary |
DescriptionDescription Summary
The software performs unconditional control transfer (such as a "goto") in code outside of a branching structure such as a switch block.
Extended Description
This pattern identifies situations where control flow unconditional transfer of control is located outside the branching based on the value of a storable element.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9121 | Structured Programming | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM-MNT-1 |
References"Automated Source Code Maintainability Measure
(ASCMM)". ASCMM-MNT-1. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCMM/1.0>. |
Uncontrolled Memory Allocation |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 789 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where an external value is entered into the application through the user interface ReadsUI action, transformed throughout the application along the sequence composed of ActionElements with DataRelations relations, some of which being part of named callable and method control elements, and ultimately used as an index element to access a storable or member data element in the buffer Read or Write access action; none of the callable or method control element of the transformation sequence being a range check with regards to the 'Buffer' buffer that whose maximum size was defined in the buffer creation action.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9078 | Memory Management | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9115 | Security | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9022 | Memory Corruption | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9038 | Loss of Data Integrity | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9143 | Failure | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9152 | Unauthorized Access to Sensitive Information | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCSM | 1 | ASCSM-CWE-789 |
| CWE | 2.11 | 789 |
References"Automated Source Code Security Measure
(ASCSM)". ASCSM-CWE-789. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>. |
Uncontrolled Recursion |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 674 | Maturity: Preliminary |
DescriptionDescription Summary
This pattern identifies situations where the named callable control element or method control element features the recursive execution path.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Pr Practice | 9061 | Recursion | Quality Issues Organized by Practices (primary)9002 |
| ChildOf | Ch Characteristic | 9120 | Reliability | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9177 | Resource Exhaustion | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCRM | 1 | ASCRM-CWE-674 |
| CWE | 2.11 | 674 |
References"Automated Source Code Reliability Measure
(ASCRM)". ASCRM-CWE-674. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>. |
Understandability |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9084 | Maturity: Preliminary |
DescriptionDescription Summary
Understandability is a Quality_Characteristic describing how easily an entity can be comprehended.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9174 | Usability | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9012 | Analyzability | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9149 | Communicativeness | Default Graph (primary)9001 |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Unexpected Behaviors |
[an error occurred while processing this directive]
Definition in a New Window
|
| Consequence ID: 9168 | Maturity: Preliminary |
Description
Description Summary
RelationshipsUnreachable Invokable Control Element |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9079 | Maturity: Preliminary |
DescriptionDescription Summary
The software contains a named callable or method control element that is not reachable by other code, i.e. is dead code.
Extended Description
This pattern identifies situations where the named callable control element or method control element is unreferenced by any other code item in the application; the application determines the scope of the search for code items that could call the callable or method control element.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9088 | Reuse | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9113 | Excessive Modification Effort | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM-MNT-20 |
References"Automated Source Code Maintainability Measure
(ASCMM)". ASCMM-MNT-20. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCMM/1.0>. |
Unrestricted Data Operations |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9036 | Maturity: Preliminary |
DescriptionDescription Summary
Unrestricted Data Operations
Extended Description
Software that does not cap the number of data operations degrades comprehensibility by requiring the understanding of too many external data structures.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9160 | Invokable Control Element with Excessive File or Data Access Operations | Quality Issues Organized by Practices (primary)9002 |
Unrestricted Parameters |
[an error occurred while processing this directive]
Definition in a New Window
|
| Practice ID: 9137 | Maturity: Preliminary |
DescriptionDescription Summary
Unrestricted Parameters
Extended Description
Software that does not cap the number of parameters degrades comprehensibility.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
| ParentOf | Is Issue | 9093 | Invokable Control Element with Signature Containing an Excessive Number of Parameters | Quality Issues Organized by Practices (primary)9002 |
Usability |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Characteristic ID: 9174 | Maturity: Preliminary |
DescriptionDescription Summary
Usability is a Quality_Characteristic describing how much effort is needed to learn, operate, and interpret outputs of an entity.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Ch Characteristic | 9091 | Functionality | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9015 | Operability | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9033 | Accessibility | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9084 | Understandability | Default Graph (primary)9001 |
| ParentOf | Ch Characteristic | 9171 | Learnability | Default Graph (primary)9001 |
Use of Data Element without Invoking Deconstructor Method |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9182 | Maturity: Preliminary |
DescriptionDescription Summary
The software accesses a data element but does not later invoke its associated finalize method.
Extended Description
This pattern identifies situations where the method control element references via the access action the storable or member data element without invoking its finalize ("destructor") method.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9169 | Performance | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9176 | Coding Practices | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9039 | Excessive Resource Expenditure | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCPEM | 1 | ASCPEM-PRF-15 |
References"Automated Source Code Performance Efficiency
Measure (ASCPEM)". ASCPEM-PRF-15. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCPEM/1.0>. |
Use of Inaccurate Comments |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9217 | Maturity: Preliminary |
DescriptionDescription Summary
The source code contains comments that do not accurately describe or explain aspects of the portion of the code with which the comment is associated.
Extended Description
When a comment does not accurately reflect the associated code elements, this can introduce confusion to a reviewer (due to inconsistencies) or make it more difficult and less efficient to validate that the code is implementing the intended behavior correctly.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 5.6 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Use of Platform-Dependent Third Party Components |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9204 | Maturity: Preliminary |
DescriptionDescription Summary
The product relies on third-party software components that do not provide equivalent functionality across all desirable platforms.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 2.8 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Use of Redundant Code |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9011 | Maturity: Preliminary |
DescriptionDescription Summary
The software has two or more invokable control elements that contain the same code.
Extended Description
This pattern identifies situations where the named callable control element or method control element contains too many identical computational objects, based on the number of identical computational objects with the named callable or method control element within the application; the application determines the scope of the search for the code item.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9088 | Reuse | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9113 | Excessive Modification Effort | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM-MNT-19 |
References"Automated Source Code Maintainability Measure
(ASCMM)". ASCMM-MNT-19. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCMM/1.0>. |
Use of Same Invokable Control Element in Multiple Architectural Layers |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9184 | Maturity: Preliminary |
DescriptionDescription Summary
The software uses the same control element across multiple architectural layers.
Extended Description
This pattern identifies situations where the callable or method control element is part of both layer 1 and layer 2 architectural layers.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
| ChildOf | Pr Practice | 9124 | Layered Architectures | Quality Issues Organized by Practices (primary)9002 |
| CanPrecede | Co Consequence | 9113 | Excessive Modification Effort | Default Graph (primary)9001 |
| CanPrecede | Co Consequence | 9145 | Degraded Comprehension | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| ASCMM | 1 | ASCMM-MNT-10 |
References"Automated Source Code Maintainability Measure
(ASCMM)". ASCMM-MNT-10. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCMM/1.0>. |
Use of Same Variable for Multiple Purposes |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9210 | Maturity: Preliminary |
DescriptionDescription Summary
The code contains a callable, block, or other code element in which the same variable is used to control more than one unique task or store more than one instance of data.
Extended Description
Use of the same variable for multiple purposes can make it more difficult for a person to read or understand the code, potentially hiding other quality issues.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
Related Taxonomy Entries
| Taxonomy | Version | Related ID |
|---|---|---|
| SQAE | 3.9 |
ReferencesRobert A. Martin and
Lawrence H. Shafer. "Providing a Framework for Effective Software Quality
Assessment". 6th Annual International Symposium of
INCOSE. 1996-07-09. <https://www.researchgate.net/publication/285403022_PROVIDING_A_FRAMEWORK_FOR_EFFECTIVE_SOFTWARE_QUALITY_MEASUREMENT_MAKING_A_SCIENCE_OF_RISK_ASSESSMENT>. |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| SQAE Team | MITRE | Externally Mined | ||
Use of Unmaintained Third Party Components |
[an error occurred while processing this directive]
Definition in a New Window
|
| Quality Issue ID: 9205 | Maturity: Preliminary |
DescriptionDescription Summary
The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer.
Extended Description
Reliance on components that are no longer maintained can make it difficult or impossible to fix significant bugs, vulnerabilities, or quality issues. Effectively, unmaintained code will become obsolete.
Relationships| Nature | Type | ID | Name | View(s) this relationship pertains to View |
|---|---|---|---|---|
| ChildOf | Ch Characteristic | 9034 | Maintainability | Default Graph (primary)9001 |
Content History| Submissions | ||||
|---|---|---|---|---|
| Submission Date | Submitter | Organization | Source | |
| CQE Team | MITRE | Internal CQE Team | ||
