Rules
Risk Assessment Summary
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MET00-J | High | Likely | High | P9 | L2 |
| MET01-J | Medium | Probable | Medium | P8 | L2 |
| MET02-J | Low | Unlikely | Medium | P2 | L3 |
| MET03-J | Medium | Probable | Medium | P8 | L2 |
| MET04-J | Medium | Probable | Medium | P8 | L2 |
| MET05-J | Medium | Probable | Medium | P8 | L2 |
| MET06-J | Medium | Probable | Low | P12 | L1 |
| MET07-J | Low | Unlikely | Medium | P2 | L3 |
| MET08-J | Low | Unlikely | Medium | P2 | L3 |
| MET09-J | Low | Unlikely | High | P1 | L3 |
| MET10-J | Medium | Unlikely | Medium | P4 | L3 |
| MET11-J | Low | Probable | High | P2 | L3 |
| MET12-J | Medium | Probable | Medium | P8 | L2 |
| MET13-J | Medium | Likely | High | P6 | L2 |
5 Comments
Jonathan Paulson
It might be worth adding [Rogue 2000] rule 80: Always construct objects in a valid state.
David Svoboda
Such a rule would belong in the OBJ section. The rule OBJ05-J. Do not allow access to partially initialized objects addresses the potential of constructing invalid 'zombie' objects, pointing out that it is harder to maintain a design that securely allows objects to be constructed in an invalid state.
Yozo TODA
the tinylink of this index page "https://www.securecoding.cert.org/confluence/x/toUbAQ" does not work...
(Page Not Found)
mis-configuration?
David Svoboda
It's working now.
Jwalant
My method argument are javabean. Not sure about how to validate javabean type argument. using fortify tool which complain about trusting non validated argument. I appreciate your response on jwalantonline .at gmail.