CWE-1115 没有标准序言的源代码元素

Source Code Element without Standard Prologue

结构: Simple

Abstraction: Base

状态: Incomplete

被利用可能性: unkown

基本描述

The source code contains elements such as source files that do not consistently provide a prologue or header that has been standardized for the project.

扩展描述

The lack of a prologue can make it more difficult to accurately and quickly understand the associated code. Standard prologues or headers may contain information such as module name, version number, author, date, purpose, function, assumptions, limitations, accuracy considerations, etc.

This issue makes it more difficult to maintain the software due to insufficient analyzability, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.

相关缺陷

• cwe_Nature: ChildOf cwe_CWE_ID: 1078 cwe_View_ID: 1000 cwe_Ordinal: Primary

• cwe_Nature: ChildOf cwe_CWE_ID: 1078 cwe_View_ID: 699 cwe_Ordinal: Primary

引用

• REF-963 Providing a Framework for Effective Software Quality Assessment