CERT

Rules

Risk Assessment Summary

Rule      Severity  Likelihood  Remediation Cost  Priority  Level
MET00-J   High      Likely      High              P9        L2
MET01-J   Medium    Probable    Medium            P8        L2
MET02-J   Low       Unlikely    Medium            P2        L3
MET03-J   Medium    Probable    Medium            P8        L2
MET04-J   Medium    Probable    Medium            P8        L2
MET05-J   Medium    Probable    Medium            P8        L2
MET06-J   Medium    Probable    Low               P12       L1
MET07-J   Low       Unlikely    Medium            P2        L3
MET08-J   Low       Unlikely    Medium            P2        L3
MET09-J   Low       Unlikely    High              P1        L3
MET10-J   Medium    Unlikely    Medium            P4        L3
MET11-J   Low       Probable    High              P2        L3
MET12-J   Medium    Probable    Medium            P8        L2



5 Comments

  1. It might be worth adding [Rogue 2000] rule 80: Always construct objects in a valid state.

    1. Such a rule would belong in the OBJ section. The rule "OBJ05-J. Do not allow access to partially initialized objects" addresses the potential of constructing invalid 'zombie' objects, pointing out that it is harder to maintain a design that securely allows objects to be constructed in an invalid state.

  2. The tiny link of this index page, "https://www.securecoding.cert.org/confluence/x/toUbAQ", does not work (Page Not Found).

    Misconfiguration?

  3. My method arguments are JavaBeans. I am not sure how to validate JavaBean-type arguments. I am using the Fortify tool, which complains about trusting non-validated arguments. I appreciate your response at jwalantonline .at gmail.
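The following is an added example, not part of this page or of the comment above, showing one way to validate a JavaBean passed as a method argument in the spirit of MET00-J. The bean class `AccountUpdate`, the validated view `ValidatedUpdate`, the method `applyUpdate` and the username pattern and limit constant are all hypothetical names chosen for illustration. The point a bean makes awkward is that it is mutable and shared with the caller: each property must be read once into a local, checked, and then only the checked copy used, so that the caller cannot change the object between the check and the use.

```java
import java.util.Objects;
import java.util.regex.Pattern;

public final class BeanArgumentValidation {

    // Constructed example bean: mutable with getters and setters, as JavaBeans
    // usually are. Nothing about it guarantees its fields hold sensible values.
    public static final class AccountUpdate {
        private String username;
        private int dailyLimit;
        public String getUsername() { return username; }
        public void setUsername(String username) { this.username = username; }
        public int getDailyLimit() { return dailyLimit; }
        public void setDailyLimit(int dailyLimit) { this.dailyLimit = dailyLimit; }
    }

    // Immutable, validated snapshot of the bean. It is built once, at the trust
    // boundary, so the values that were checked are the values that get used.
    public static final class ValidatedUpdate {
        // Hypothetical policy: lowercase identifier, 3 to 32 characters.
        private static final Pattern USERNAME = Pattern.compile("[a-z][a-z0-9_]{2,31}");
        private static final int MAX_DAILY_LIMIT = 10_000;

        public final String username;
        public final int dailyLimit;

        ValidatedUpdate(AccountUpdate bean) {
            Objects.requireNonNull(bean, "update must not be null");
            // Read each property exactly once. Re-reading bean.getUsername()
            // after the check would reintroduce a check-then-use window.
            String name = bean.getUsername();
            int limit = bean.getDailyLimit();
            if (name == null || !USERNAME.matcher(name).matches()) {
                throw new IllegalArgumentException("invalid username");
            }
            if (limit < 0 || limit > MAX_DAILY_LIMIT) {
                throw new IllegalArgumentException("dailyLimit out of range: " + limit);
            }
            this.username = name;
            this.dailyLimit = limit;
        }
    }

    // Public entry point: validates the bean argument before doing any work,
    // and works only with the validated copy afterwards.
    public static String applyUpdate(AccountUpdate update) {
        ValidatedUpdate v = new ValidatedUpdate(update);
        return "limit for " + v.username + " set to " + v.dailyLimit;
    }

    public static void main(String[] args) {
        AccountUpdate ok = new AccountUpdate();
        ok.setUsername("alice_01");
        ok.setDailyLimit(500);
        System.out.println(applyUpdate(ok));

        // Constructed hostile input: a path-like string where a username is expected.
        AccountUpdate bad = new AccountUpdate();
        bad.setUsername("../etc/passwd");
        bad.setDailyLimit(500);
        try {
            applyUpdate(bad);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The validated class is deliberately separate from the bean: the bean stays a plain data carrier that frameworks can populate, while every method that does something security-relevant accepts or constructs a `ValidatedUpdate` and therefore cannot be handed an unchecked value.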