This rule was developed in part by <Emma Krummenacher> at the October 20-22, 2017 OurCS Workshop (http://www.cs.cmu.edu/ourcs/register.html).

For more information about this statement, see the About the OurCS Workshop page.

This guideline is under construction. 

 

This is just a place holder for now.

The rule will say not to trust libraries, paths to libraries that are in world writable media, and do not process data from world writable sources.  However, I do not see anything here that is Android specific.

Is there something particular about Android that makes this sort of behaviour more likely?

Noncompliant Code Example

This noncompliant code example shows an application that ...

TBD

...

Compliant Solution

In this compliant solution ...:

TBD

Risk Assessment

TBD

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DRD12-J

High

Probable

Medium

P12

L1

Automated Detection

TBD

Bibliography

[TBD]