Excessive Code Complexity
This weakness occurs when software contains sections of code that are unnecessarily intricate, as measured by established complexity metrics like cyclomatic complexity or cognitive load scores.
Overly complex code creates a direct maintenance burden, obscuring logic and making it harder for developers to understand data flows and security controls. This lack of clarity slows down security reviews and vulnerability fixes, increasing the chance that critical flaws are missed or that new bugs are introduced during modifications. Complex code can also degrade performance, leading to resource exhaustion or timing issues. If an attacker can trigger these inefficient code paths, they may exploit the resulting slowdowns to cause denial-of-service conditions or bypass security mechanisms that depend on predictable execution times.
Impact: Reduce Maintainability
Impact: Reduce Performance