Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer
This weakness occurs when code in one architectural layer directly calls functions or methods in a much deeper layer, skipping over the intermediate layers that should normally handle the request. It bypasses the intended layered structure, similar to a manager going directly to an intern instead of working through the team lead.
Skipping architectural layers creates tightly coupled, fragile code that is difficult to understand, debug, and modify. When a layer directly depends on the internal workings of a layer several levels down, any change in that deep layer can cause unexpected breaks far up the chain. This "architectural shortcut" obscures the normal flow of data and control, making the system behave unpredictably and increasing technical debt. From a security perspective, this complexity indirectly introduces risk. It becomes harder to enforce consistent security checks, data validation, or logging when calls bypass intermediate layers that often contain these controls. Auditing for vulnerabilities is more time-consuming, and fixes are riskier to implement, making it easier for security flaws to be introduced and persist in the codebase.
Impact: Reduce Maintainability
- OMG ASCMM