Excessive Use of Self-Modifying Code

Incomplete Base
Structure: Simple
Description

The software relies heavily on code that rewrites itself during execution, making it difficult to analyze and maintain.

Extended Description

Self-modifying code changes its own instructions while running, which can be used for obfuscation or performance optimization. However, excessive use creates a complex and unpredictable codebase that is hard for developers to follow, test, or debug, as the logic at runtime differs from the source code. This complexity directly undermines security. It slows down vulnerability discovery and patching, as security reviews and static analysis tools struggle with the shifting code. This environment makes it easier to accidentally introduce new flaws and harder to ensure the software behaves as intended, increasing overall risk.
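To make the review problem concrete, the following added example (not part of the original entry) runs a small static check that flags constructs which rewrite code at runtime, then shows behavior diverging from source. Python is used only for illustration. The sample source, the function names, and the `max_findings` threshold are assumptions, since the entry does not define "excessive".

```python
import ast

# Attributes whose reassignment replaces a function's compiled body or defaults.
CODE_ATTRS = {"__code__", "__defaults__", "__kwdefaults__"}
# Built-ins that build or run code from data at runtime.
DYNAMIC_CALLS = {"exec", "compile"}

# Constructed sample, not taken from any real project.
SAMPLE = '''
def step(x):
    return x + 1

def patch():
    # After this runs, step() no longer does what its source says.
    step.__code__ = (lambda x: x * 2).__code__

def load(text):
    exec(compile(text, "<generated>", "exec"), globals())
'''

def find_self_modification(source):
    """Return sorted (line, reason) pairs for constructs that rewrite code at runtime."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Attribute) and isinstance(node.ctx, ast.Store):
            if node.attr in CODE_ATTRS:
                findings.append((node.lineno, f"rewrites {node.attr}"))
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            name, args = node.func.id, node.args
            if name in DYNAMIC_CALLS:
                findings.append((node.lineno, f"dynamic {name}()"))
            elif (name == "setattr" and len(args) >= 2
                  and isinstance(args[1], ast.Constant) and args[1].value in CODE_ATTRS):
                findings.append((node.lineno, f"rewrites {args[1].value}"))
    return sorted(findings)

def is_excessive(source, max_findings=1):
    """Assumed review policy: more than max_findings constructs per file needs sign-off."""
    return len(find_self_modification(source)) > max_findings

def runtime_divergence():
    """Run the sample in an isolated namespace; return step(3) before and after patch()."""
    ns = {}
    exec(SAMPLE, ns)
    before = ns["step"](3)
    ns["patch"]()
    return before, ns["step"](3)

if __name__ == "__main__":
    for line, reason in find_self_modification(SAMPLE):
        print(f"line {line}: {reason}")
    print("excessive:", is_excessive(SAMPLE), "divergence:", runtime_divergence())
```

The check only sees syntactic patterns in the file it is given; code generated at runtime and passed to `exec` is invisible to it, which is the analysis gap the description refers to.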

Common Consequences 1
Scope: Other

Impact: Reduce Maintainability

References 1
Providing a Framework for Effective Software Quality Assessment
Robert A. Martin and Lawrence H. Shafer
07-1996
ID: REF-963
Related Weaknesses