CISQ Quality Measures (2016) - Security

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buf...

Catching overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities.

Throwing overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities.

The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource th...

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but ...

The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes...

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralize...

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index ref...

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting va...

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of mem...

The product does not initialize critical variables, which causes the execution environment to use unexpected values.

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because of excessive loo...

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

The product allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.

The product uses a broken or risky cryptographic algorithm or protocol.

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to exter...

This view outlines the most important software quality issues as identified by the Consortium for Information & Software Quality (CISQ) Automated Quality Characteristi...