Common Quality Enumeration

Software that is unaware of array index bounds incurs the risk of corruption of relevant memory, and perhaps instructions, possibly leading to a crash, the risk of data integrity loss, and the risk of unauthorized access to sensitive data.

Software featuring weak authentication practices incurs the risk of exposing resources and functionality to unintended actors, possibly leading to compromised sensitive information and even the execution of arbitrary code.

Software deployed in distributed environment that does not maintain redundancy of data (such as cache) and code increases the time with which they are accessed.

Software that does not properly represent comments can cause excessive modification effort.

Software featuring known under-efficient coding practices requires excessive computational resources.

Software featuring known under-efficient SQL Query and Data Access constructs requires excessive computational resources.

Software that does not follow the principles of data encapsulation incurs the risk of data corruption.

Software without consistently-enforced approach to data integrity management incurs the risk of behaving unexpectedly.

Software featuring network configuration within its own code incurs the risk of failure when the remote resource changes.

Software without consistent and complete handling of errors and exceptions makes it impossible to accurately identify and adequately respond to unusual and unexpected situations.

Software unaware of accurate execution status control incurs the risk of bad data being used in operations, possibly leading to a crash or other unintended behaviors.

Software that is unaware of file path control incurs the risk of exposition of sensitive data, the risk of corruption of critical files, such as programs, libraries, or important data used in protection mechanisms.

Software unaware of file upload control incurs the risk of arbitrary code execution or other unexpected behaviors based on the type, extension, or other properties of the uploaded file.

Software that depends on hard-coded pieces of information within its own code reduces adaptability.

Software that does not follow the principles of inheritance and polymorphism results in unexpected behaviors.

Software featuring weak initialization practices incurs the risk of logic errors within the program, possibly leading to a security problem.

Software unaware of iteration control incurs the risk of unexpected consumption of resources, such as CPU cycles or memory, possibly leading to a crash or program exit due to exhaustion of resources.

Software that does not follow the principles of layered architectures (such as strict partitioning and strict call hierarchy) decreases comprehensibility as well as simplicity to evolve the code.

Software featuring inconsistent locking discipline incurs the risk of deadlock.

When software does not properly manage memory, it can consume more memory than is necessary or incur the risk of corruption of relevant memory - and perhaps instructions - possibly leading to a crash, the risk of data integrity loss, and the risk of unauthorized access to sensitive data.

Software that does not follow the principles of modularity causes excessive propagation of modification impacts.

Software featuring weak numerical conversion practices incurs the risk of using the wrong number and generating incorrect results, possibly introducing new vulnerability when related to resource allocation and security decisions.

Software unaware of OS command control incurs the risk of unauthorized command execution, possibly used to disable the software, or possibly leading to unauthorized read and modify data access.

Software that is unaware of formatting control incurs the risk of execution of arbitrary code, excessive memory or disk consumption, or the risk of information disclosure, which can severely simplify exploitation of the software.

Software featuring weak output generation practices incurs the risk of arbitrary code execution, the risk of sensitive data being compromised, and many other nefarious consequences.

Software that is unaware of recursion incurs the risk of exceeding resource and capacity limits.

Software featuring blocking calls to remote systems incurs the risk of its own failure when the remote systems fails to process the call correctly.

Software that is unaware of resource bounds or fails to monitor resources incurs the risk of exceeding resource and capacity limits.

Software unaware of resource identification control incurs the risk of unauthorized access to or modification of sensitive data and system resources, including configuration files and files containing sensitive information.

Software unaware of resource lifecycle incurs the risk of preventing all other processes from accessing the same type of resource.

Software that is unaware of resource bounds or fails to monitor resources incurs the risk of exceeding resource and capacity limits.

Software that does not follow the principles of reuse requires more maintenance effort in order to propagate changes to all instances of duplicated code.

Software unaware of SQL command control incurs the risk of unauthorized read, modify, and delete access to sensitive data.

Software deployed in multi-thread environments that does not protect their state can experience deadlock or livelock.

Software that does not leverage database capabilities to efficiently run data processing (such as stored procedures and functions) requires excessive computational resources.

Software that does not follow the principles of structured programming degrades comprehensibility.

Software that does not cap the number of data operations degrades comprehensibility by requiring the understanding of too many external data structures.

Software that does not cap the number of parameters degrades comprehensibility.