Kingdom: Code Quality

Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.

Code Correctness: Readonly Collection Reference

Abstract
The readonly keyword enforces the rule that a variable must be initialized where it is declared or in the constructor and cannot be assigned anywhere else. This works as expected for value types; however, the contents of objects and lists can still be modified even if the field is declared private readonly.
Explanation
Returning a private readonly list variable from a getter-only property allows the calling code to modify the contents of the list, effectively giving callers write access to the list and contradicting the intentions of the programmer who made it private readonly.

Example 1: The following code contains a list _item which is declared as private readonly.

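using System.Collections.Generic;

class Order
{
    // readonly prevents reassigning _item, not changing the list's contents.
    private readonly List<string> _item = new List<string>();

    // Returns the underlying list object itself, typed as IEnumerable<string>.
    public IEnumerable<string> Item { get { return _item; } }

    public Order()
    {
        /* class initialization */
    }

    /* some important function... */
}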
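
The following is an added example, not part of the original page: it shows a caller regaining write access to the list from Example 1 through a downcast, next to a variant that returns a read-only wrapper instead. The HardenedOrder class, the Count properties and the sample item values are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Same shape as Example 1: the property hands out the list object itself.
class Order
{
    private readonly List<string> _item = new List<string> { "widget" }; // constructed sample data
    public IEnumerable<string> Item { get { return _item; } }
    public int Count { get { return _item.Count; } }
}

// Hardened variant (hypothetical name): callers receive a read-only wrapper.
class HardenedOrder
{
    private readonly List<string> _item = new List<string> { "widget" }; // constructed sample data
    // AsReadOnly() returns a ReadOnlyCollection<string> view over _item.
    // It is not a List<string> and it rejects Add, Remove and Clear.
    public IReadOnlyCollection<string> Item { get { return _item.AsReadOnly(); } }
    public int Count { get { return _item.Count; } }
}

static class Program
{
    static void Main()
    {
        var order = new Order();
        // The static type is IEnumerable<string>, but the runtime object is
        // still the private List<string>, so a downcast restores write access.
        if (order.Item is ICollection<string> writable)
        {
            writable.Add("added by caller");
        }
        Console.WriteLine("Order count after caller code: " + order.Count);

        var hardened = new HardenedOrder();
        Console.WriteLine("Wrapper is a List<string>: " + (hardened.Item is List<string>));
        try
        {
            // ReadOnlyCollection<T> implements ICollection<T>, but its Add
            // throws NotSupportedException instead of changing the list.
            ((ICollection<string>)hardened.Item).Add("added by caller");
        }
        catch (NotSupportedException)
        {
            Console.WriteLine("Mutation rejected by the read-only wrapper");
        }
        Console.WriteLine("HardenedOrder count after caller code: " + hardened.Count);
    }
}
```

The wrapper is a live view, so changes the class itself makes to _item remain visible to callers; returning a copy (for example with ToArray()) is the alternative when a snapshot is wanted.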
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 398
desc.structural.dotnet.code_correctness_readonly_collection_reference