This rule was developed in part by Aashirya Kaushik and Stephanie Colton at the October 20-22, 2017 OurCS Workshop (http://www.cs.cmu.edu/ourcs/register.html). For more information about this statement, see the About the OurCS Workshop page. |
---|
This guideline is under construction. |
In this space, describe the overall rule.
This noncompliant code example shows an application that ...
TBD |
...
In this compliant solution ...:
TBD |
Summary of risk assessment.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
TBD | | | | | |
Tool | Version | Checker | Description |
---|---|---|---|
TBD | | | |
Hyperlink black-font text "the CERT website" below, with URL as follows: https://www.kb.cert.org/vulnotes/bymetric?searchview&query=FIELD+KEYWORDS+contains+<RULE_ID>
In the URL example above, <RULE_ID> should be substituted by this CERT guideline ID (e.g., INT31-C). Then, remove this purple-font paragraph.
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
CWE | 326: Inadequate Encryption Strength |
CWE | 182: Collapse of Data into Unsafe Value |
Genkin 2016 | |
Cauligi 2017 |