Kingdom: Code Quality
Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.
Portability Flaw
Abstract
Functions with inconsistent implementations across operating systems and operating system versions cause portability problems.
Explanation
The behavior of functions in this category varies by operating system, and at times, even by operating system version. Implementation differences can include:
- Slight differences in the way parameters are interpreted leading to inconsistent results.
- Some implementations of the function carry significant security risks.
- The function might not be defined on all platforms.
- Slight differences in the way parameters are interpreted leading to inconsistent results.
- Some implementations of the function carry significant security risks.
- The function might not be defined on all platforms.
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 474
[2] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001310
[3] Standards Mapping - NIST Special Publication 800-53 Revision 4 SI-10 Information Input Validation (P1)
[4] Standards Mapping - NIST Special Publication 800-53 Revision 5 SI-10 Information Input Validation
[5] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002520 CAT II
[6] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002520 CAT II
[7] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002520 CAT II
[8] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002520 CAT II
[9] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002520 CAT II
[10] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002520 CAT II
[11] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002520 CAT II
[12] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002520 CAT II
[13] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002520 CAT II
[14] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002520 CAT II
[15] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002520 CAT II
[16] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002520 CAT II
[17] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002520 CAT II
[18] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002520 CAT II
[19] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002520 CAT II
desc.semantic.cpp.portability_flaw