Violation of Secure Design Principles
Weakness ID: 657 (Weakness Class)
Status: Draft

Description

Description Summary

The product violates well-established principles for secure design.

Extended Description

This can introduce resultant weaknesses or make it easier for developers to introduce related weaknesses during implementation. Because code is centered around design, it can be resource-intensive to fix design problems.

Time of Introduction
  • Architecture and Design
  • Implementation
  • Operation
Relationships

Nature   | Type           | ID  | Name                                              | View(s) this relationship pertains to
ChildOf  | Category       | 17  | Code                                              | Development Concepts (primary) 699
ChildOf  | Weakness Class | 710 | Coding Standards Violation                        | Research Concepts (primary) 1000
ParentOf | Weakness Class | 250 | Execution with Unnecessary Privileges             | Development Concepts 699; Research Concepts (primary) 1000
ParentOf | Weakness Class | 636 | Not Failing Securely ('Failing Open')             | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Class | 637 | Failure to Use Economy of Mechanism               | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Class | 638 | Failure to Use Complete Mediation                 | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base  | 653 | Insufficient Compartmentalization                 | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base  | 654 | Reliance on a Single Factor in a Security Decision | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base  | 655 | Insufficient Psychological Acceptability          | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base  | 656 | Reliance on Security through Obscurity            | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Class | 671 | Lack of Administrator Control over Security       | Development Concepts (primary) 699; Research Concepts (primary) 1000
References

Jerome H. Saltzer and Michael D. Schroeder. "The Protection of Information in Computer Systems". Proceedings of the IEEE 63, September 1975. <http://web.mit.edu/Saltzer/www/publications/protection/>.
Sean Barnum and Michael Gegick. "Design Principles". 2005-09-19. <https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/principles/358.html>.
Content History

Modifications

Modification Date | Modifier         | Organization | Source
2008-07-01        | Eric Dalci       | Cigital      | External
                    updated Time of Introduction
2008-09-08        | CWE Content Team | MITRE        | Internal
                    updated Description, Relationships