Rules

Risk Assessment Summary

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MET00-JHighLikelyHigh

P9

L2

MET01-JMediumProbableMedium

P8

L2

MET02-JLowUnlikelyMedium

P2

L3

MET03-JMediumProbableMedium

P8

L2

MET04-JMediumProbableMedium

P8

L2

MET05-JMediumProbableMedium

P8

L2

MET06-JMediumProbableLow

P12

L1

MET07-JLowUnlikelyMedium

P2

L3

MET08-JLowUnlikelyMedium

P2

L3

MET09-JLowUnlikelyHigh

P1

L3

MET10-JMediumUnlikelyMedium

P4

L3

MET11-JLowProbableHigh

P2

L3

MET12-JMediumProbableMedium

P8

L2

MET13-JMediumLikelyHigh

P6

L2



5 Comments

  1. It might be worth adding [Rogue 2000] rule 80: Always construct objects in a valid state.

    1. Such a rule would belong in the OBJ section. The rule OBJ05-J. Do not allow access to partially initialized objects addresses the potential of constructing invalid 'zombie' objects, pointing out that it is harder to maintain a design that securely allows objects to be constructed in an invalid state.

  2. the tinylink of this index page "https://www.securecoding.cert.org/confluence/x/toUbAQ" does not work...
    (Page Not Found)

    mis-configuration?

  3. My method argument are javabean. Not sure about how to validate javabean type argument. using fortify tool which complain about trusting non validated argument. I appreciate your response on jwalantonline .at gmail.