CISQ Quality Measures - Reliability

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to the CISQ Quality Measures for Reliability. Presence of these weaknesses could reduce the reliability of the software.

Weaknesses

Class Instance Self Destruction Control Element

The code contains a class instance that calls the method or function to delete or destroy itself.

Class with Virtual Method without a Virtual Destructor

A class contains a virtual method, but the method does not have an associated virtual destructor.

Comparison of Object References Instead of Object Contents

The program compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects.

Data Access from Outside Expected Data Manager Component

The software is intended to manage data access through a particular data manager component such as a relational or non-SQL database, but it contains code that performs...

Data Element containing Pointer Item without Proper Copy Control Element

The code contains a data element with a pointer that does not have an associated copy or constructor method.

Detection of Error Condition Without Action

The software detects a specific error, but takes no actions to handle the error.

Floating Point Comparison with Incorrect Operator

The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account...

Improper Check or Handling of Exceptional Conditions

The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.

Improper Initialization

The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

Improper Null Termination

The software does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.

Improper Protection of Alternate Path

The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.

Improper Resource Shutdown or Release

The program does not release or incorrectly releases a resource before it is made available for re-use.

Improper Restriction of Operations within the Bounds of a Memory Buffer

The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Improper Synchronization

The software utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not...

Incomplete Cleanup

The software does not properly "clean up" and remove temporary or supporting resources after they have been used.

Incorrect Calculation

The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting va...

Incorrect Type Conversion or Cast

The software does not correctly convert an object, resource, or structure from one type to a different type.

Initialization with Hard-Coded Network Resource Configuration Data

The software initializes data using hard-coded values that act as network resource identifiers.

Loop with Unreachable Exit Condition ('Infinite Loop')

The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Missing Serialization Control Element

The software contains a serializable data element that does not have an associated serialization method.

NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Omitted Break Statement in Switch

The program omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems when the...

Operation on a Resource after Expiration or Release

The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor

A parent class has a virtual destructor method, but the parent has a child class that does not have a virtual destructor.

Parent Class without Virtual Destructor Method

A parent class contains one or more child classes, but the parent class does not have a virtual destructor method.

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

The software uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.

Return of Stack Variable Address

A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash.

Serializable Data Element Containing non-Serializable Item Elements

The software contains a serializable, storable data element such as a field or member, but the data element contains member elements that are not serializable.

Synchronous Access of Remote Resource without Timeout

The code has a synchronous call to a remote resource, but there is no timeout for the call, or the timeout is set to infinite.

Unchecked Return Value

The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Unexpected Status Code or Return Value

The software does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the software.

Use of Incorrect Operator

The programmer accidentally uses the wrong operator, which changes the application logic in security-relevant ways.

Use of Uninitialized Resource

The software uses or accesses a resource that has not been initialized.

Concepts

CISQ Quality Measures (2020)

This view outlines the most important software quality issues as identified by the Consortium for Information & Software Quality (CISQ) Automated Quality Characteristi...

See Also

  1. Automated Source Code Quality Measures

    Consortium for Information & Software Quality (CISQ)


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.