Failing to limit field accessibility can defeat encapsulation, allow attackers to manipulate fields to violate class invariants, or allow these fields to be corrupted as the result of concurrent accesses from multiple threads.
Detection of public and protected fields is trivial; heuristic detection of the presence or absence of accessor methods is straightforward. However, simply reporting all detected cases without suppressing those cases covered by the exceptions to this rule would produce excessive false positives. Sound detection and application of the exceptions to this rule is infeasible; however, heuristic techniques may be useful.
Implemented for public static
CWE-766, Critical Variable Declared Public
Guideline 6-8 / MUTABLE-8: Define wrapper methods around modifiable internal state
Item 13, "Minimize the Accessibility of Classes and Members"
Chapter 6, "Interfaces and Inner Classes"
Section 2.2, "Public Fields"