Rules
Risk Assessment Summary
| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| MET00-J | High | Likely | No | No | P9 | L2 |
| MET01-J | Medium | Probable | No | Yes | P8 | L2 |
| MET02-J | Low | Unlikely | Yes | No | P2 | L3 |
| MET03-J | Medium | Probable | No | No | P4 | L3 |
| MET04-J | Medium | Probable | Yes | No | P8 | L2 |
| MET05-J | Medium | Probable | Yes | No | P8 | L2 |
| MET06-J | Medium | Probable | Yes | No | P8 | L2 |
| MET07-J | Low | Unlikely | Yes | No | P2 | L3 |
| MET08-J | Low | Unlikely | No | No | P1 | L3 |
| MET09-J | Low | Unlikely | Yes | No | P2 | L3 |
| MET10-J | Medium | Unlikely | No | No | P2 | L3 |
| MET11-J | Low | Probable | Yes | No | P4 | L3 |
| MET12-J | Medium | Probable | Yes | No | P8 | L2 |
| MET13-J | Medium | Likely | No | No | P6 | L2 |



5 Comments
Jonathan Paulson
Mar 23, 2011
It might be worth adding [Rogue 2000] rule 80: Always construct objects in a valid state.
David Svoboda
Mar 24, 2011
Such a rule would belong in the OBJ section. The rule OBJ05-J. Do not allow access to partially initialized objects addresses the potential of constructing invalid 'zombie' objects, pointing out that it is harder to maintain a design that securely allows objects to be constructed in an invalid state.
Yozo TODA
Jul 13, 2011
The tinylink of this index page "https://www.securecoding.cert.org/confluence/x/toUbAQ" does not work...
(Page Not Found)
mis-configuration?
David Svoboda
Jul 14, 2011
It's working now.
Jwalant
Mar 03, 2015
My method arguments are JavaBeans. Not sure about how to validate a JavaBean-type argument. I am using the Fortify tool, which complains about trusting a non-validated argument. I appreciate your response on jwalantonline .at gmail.