CISQ Quality Measures - Reliability
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to the CISQ Quality Measures for Reliability. Presence of these weaknesses could reduce the reliability of the software.
The code contains a class instance that calls the method or function to delete or destroy itself.
A class contains a virtual method, but the method does not have an associated virtual destructor.
The product compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects.
The product is intended to manage data access through a particular data manager component such as a relational or non-SQL database, but it contains code that performs ...
The code contains a data element with a pointer that does not have an associated copy or constructor method.
The product detects a specific error, but takes no actions to handle the error.
The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account...
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.
The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
The product does not release or incorrectly releases a resource before it is made available for re-use.
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
The product utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not ...
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting va...
The product does not correctly convert an object, resource, or structure from one type to a different type.
The product initializes data using hard-coded values that act as network resource identifiers.
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
The product contains a serializable data element that does not have an associated serialization method.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
The product omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems when the...
The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.
A parent class has a virtual destructor method, but the parent has a child class that does not have a virtual destructor.
A parent class contains one or more child classes, but the parent class does not have a virtual destructor method.
The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.
A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash.
The product contains a serializable, storable data element such as a field or member, but the data element contains member elements that are not serializable.
The code has a synchronous call to a remote resource, but there is no timeout for the call, or the timeout is set to infinite.
The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
The product does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the product.
The product accidentally uses the wrong operator, which changes the logic in security-relevant ways.
The product uses or accesses a resource that has not been initialized.
This view outlines the most important software quality issues as identified by the Consortium for Information & Software Quality (CISQ) Automated Quality Characteristi...
- Automated Source Code Quality Measures
Consortium for Information & Software Quality (CISQ)