CWE-657: Violation of Secure Design Principles
Weakness ID: 657 (Weakness Class) | Status: Draft
Description Summary
The product violates well-established principles for secure design.
Extended Description
Such a violation can itself be the root of resultant weaknesses, or it can make it easier for developers to introduce related weaknesses during implementation. Because the code is built around the design, correcting a design problem after implementation is typically resource-intensive: the fix touches every component that relied on the flawed design assumption rather than a single code path.
Nature | Type | ID | Name | View(s) this relationship pertains to
---|---|---|---|---
ChildOf | Category | 17 | Code | 699 Development Concepts (primary)
ChildOf | Weakness Class | 710 | Coding Standards Violation | 1000 Research Concepts (primary)
ParentOf | Weakness Class | 250 | Execution with Unnecessary Privileges | 699 Development Concepts; 1000 Research Concepts (primary)
ParentOf | Weakness Class | 636 | Not Failing Securely ('Failing Open') | 699 Development Concepts (primary); 1000 Research Concepts (primary)
ParentOf | Weakness Class | 637 | Failure to Use Economy of Mechanism | 699 Development Concepts (primary); 1000 Research Concepts (primary)
ParentOf | Weakness Class | 638 | Failure to Use Complete Mediation | 699 Development Concepts (primary); 1000 Research Concepts (primary)
ParentOf | Weakness Base | 653 | Insufficient Compartmentalization | 699 Development Concepts (primary); 1000 Research Concepts (primary)
ParentOf | Weakness Base | 654 | Reliance on a Single Factor in a Security Decision | 699 Development Concepts (primary); 1000 Research Concepts (primary)
ParentOf | Weakness Base | 655 | Insufficient Psychological Acceptability | 699 Development Concepts (primary); 1000 Research Concepts (primary)
ParentOf | Weakness Base | 656 | Reliance on Security through Obscurity | 699 Development Concepts (primary); 1000 Research Concepts (primary)
ParentOf | Weakness Class | 671 | Lack of Administrator Control over Security | 699 Development Concepts (primary); 1000 Research Concepts (primary)
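Two of the child weaknesses in the table, Not Failing Securely (CWE-636) and Failure to Use Complete Mediation (CWE-638), each shown beside its corrected form. This is an added illustration, not part of the CWE entry itself; the policy store, the principals `alice` and `bob`, the document store and the `DocumentService` class are all constructed for the example.

```python
"""Two design-principle violations catalogued under CWE-657, each beside its
corrected form: failing open (CWE-636) and incomplete mediation (CWE-638).
Added illustration; the policy, principals, documents and service are
constructed for it and do not come from any real system."""


class PolicyUnavailable(Exception):
    """Raised when the (simulated) policy store cannot be reached."""


# Constructed policy: principal -> set of permitted actions.
POLICY = {
    "alice": {"read", "write"},
    "bob": {"read"},
}

# Constructed document store.
DOCS = {"report.txt": "quarterly numbers"}


def lookup_permissions(principal, store_available=True):
    """Return the principal's permitted actions, or raise if the store is down."""
    if not store_available:
        raise PolicyUnavailable("policy store unreachable")
    return POLICY.get(principal, set())


def is_allowed_fail_open(principal, action, store_available=True):
    """VIOLATION (CWE-636): an error while evaluating policy is treated as 'allow'.
    During a policy-store outage every request, including 'bob' writing, succeeds."""
    try:
        return action in lookup_permissions(principal, store_available)
    except PolicyUnavailable:
        return True  # "keep the service usable" fallback that grants access


def is_allowed_fail_closed(principal, action, store_available=True):
    """Corrected: if the policy cannot be evaluated, the request is denied."""
    try:
        return action in lookup_permissions(principal, store_available)
    except PolicyUnavailable:
        return False


def revoke(principal, action):
    """Administrative policy change; used below to show why every access
    must be re-checked rather than relying on an earlier decision."""
    POLICY.get(principal, set()).discard(action)


class DocumentService:
    """Two read paths over the same documents: one caches the first access
    decision per principal, the other re-evaluates policy on every call."""

    def __init__(self, store_available=True):
        self.store_available = store_available
        self._decision_cache = {}  # principal -> bool, filled on first access

    def read_cached_decision(self, principal, doc):
        """VIOLATION (CWE-638): the check runs once per principal; a later
        revocation is never consulted, so a stale 'allow' keeps working."""
        if principal not in self._decision_cache:
            self._decision_cache[principal] = is_allowed_fail_closed(
                principal, "read", self.store_available)
        if not self._decision_cache[principal]:
            raise PermissionError(f"{principal} may not read {doc}")
        return DOCS[doc]

    def read_mediated(self, principal, doc):
        """Corrected: every access goes through the authorization check."""
        if not is_allowed_fail_closed(principal, "read", self.store_available):
            raise PermissionError(f"{principal} may not read {doc}")
        return DOCS[doc]


if __name__ == "__main__":
    # Outage: the fail-open check lets 'bob' write; the fail-closed one does not.
    print(is_allowed_fail_open("bob", "write", store_available=False))    # True
    print(is_allowed_fail_closed("bob", "write", store_available=False))  # False

    svc = DocumentService()
    svc.read_cached_decision("bob", "report.txt")  # allowed, decision cached
    revoke("bob", "read")
    print(svc.read_cached_decision("bob", "report.txt"))  # still returns the document
    try:
        svc.read_mediated("bob", "report.txt")
    except PermissionError as exc:
        print("mediated:", exc)  # revocation takes effect immediately
```

The two failure modes are independent: `read_mediated` is only correct because it calls the fail-closed check, and the fail-closed check only helps if it is actually consulted on every access. A design that gets either half wrong leaves an authorization bypass that no amount of careful coding elsewhere will remove, which is the point of CWE-657 classifying these as design-level weaknesses.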
References
Jerome H. Saltzer and Michael D. Schroeder. "The Protection of Information in Computer Systems". Proceedings of the IEEE 63. September, 1975. <http://web.mit.edu/Saltzer/www/publications/protection/>.
Sean Barnum and Michael Gegick. "Design Principles". 2005-09-19. <https://buildsecurityin.us-cert.gov/daisy/bsi/articles/knowledge/principles/358.html>.