Risk Assessment Summary
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
MET00-J | High | Likely | High | P9 | L2 |
MET01-J | Medium | Probable | Medium | P8 | L2 |
MET02-J | Low | Unlikely | Medium | P2 | L3 |
MET03-J | Medium | Probable | Medium | P8 | L2 |
MET04-J | Medium | Probable | Medium | P8 | L2 |
MET05-J | Medium | Probable | Medium | P8 | L2 |
MET06-J | Medium | Probable | Low | P12 | L1 |
MET07-J | Low | Unlikely | Medium | P2 | L3 |
MET08-J | Low | Unlikely | Medium | P2 | L3 |
MET09-J | Low | Unlikely | High | P1 | L3 |
MET10-J | Medium | Unlikely | Medium | P4 | L3 |
MET11-J | Low | Probable | High | P2 | L3 |
MET12-J | Medium | Probable | Medium | P8 | L2 |
MET13-J | Medium | Likely | High | P6 | L2 |
Jonathan Paulson
It might be worth adding [Rogue 2000] rule 80: Always construct objects in a valid state.
David Svoboda
Such a rule would belong in the OBJ section. The rule OBJ05-J. Do not allow access to partially initialized objects addresses the potential of constructing invalid 'zombie' objects, pointing out that it is harder to maintain a design that securely allows objects to be constructed in an invalid state.
The tinylink of this index page "https://www.securecoding.cert.org/confluence/x/toUbAQ" does not work...
(Page Not Found)
David Svoboda
It's working now.
My method arguments are JavaBeans. Not sure how to validate a JavaBean-type argument. Using the Fortify tool, which complains about trusting a non-validated argument. I appreciate your response on jwalantonline .at gmail.