This rule was developed in part by Aashirya Kaushik and Stephanie Colton at the October 20-22, 2017 OurCS Workshop (http://www.cs.cmu.edu/ourcs/register.html).
For more information about this statement, see the About the OurCS Workshop page.

Under Construction

This guideline is under construction. 


In this space, describe the overall rule.

Noncompliant Code Example

This noncompliant code example shows an application that ...

TBD

...

Compliant Solution

In this compliant solution ...:

TBD

Exceptions


Risk Assessment

Summary of risk assessment.

Rule

Severity

Likelihood

Detectable

Repairable

Priority

Level

DRD25



No

No

 

 

Automated Detection

Tool

Version

Checker

Description

TBD

 


Related Vulnerabilities

Hyperlink black-font text "the CERT website" below, with URL as follows: https://www.kb.cert.org/vulnotes/bymetric?searchview&query=FIELD+KEYWORDS+contains+<RULE_ID>

In the URL example above, <RULE_ID> should be substituted by this CERT guideline ID (e.g., INT31-C). Then, remove this purple-font paragraph.

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

 CWE326: Inadequate Encryption Strength
CWE182: Collapse of Data into Unsafe Value

Bibliography

Genkin 2016
Cauligi 2017