This weakness occurs when software lacks a unified, consistent approach to managing errors across its codebase, leading to unpredictable security gaps and unreliable behavior.
When error handling is implemented ad hoc, dealt with differently in each function or module, it creates a patchwork of responses. This inconsistency makes the system harder to debug and maintain, as errors can be silently ignored, improperly logged, or handled in ways that don't adequately protect the application's state. The root cause of failures often gets lost, making defects persistent and difficult to trace.

Furthermore, inconsistent error management frequently leads to information leaks. Without a standardized mechanism controlling what details are shown, sensitive debug data, stack traces, or system information can be accidentally exposed to end-users. This provides attackers with valuable intelligence about the system's internal structure and potential points of failure, significantly increasing the risk of further exploitation.
Impact: Quality Degradation, Unexpected State, Varies by Context
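The contrast described above, as an added example that is not part of the original entry: an ad-hoc handler that returns raw exception text beside a single shared wrapper that logs the detail internally and returns a fixed message with an incident id. All names here (`AppError`, `handle_errors`, `get_user`, `USERS`) are hypothetical and the data is constructed.

```python
import functools
import logging
import uuid
log = logging.getLogger("app.errors")

class AppError(Exception):
    """Expected failure; only status and public_message ever reach the client."""
    status = 500
    public_message = "Internal error"

class InvalidInput(AppError):
    status, public_message = 400, "Invalid request"
class NotFound(AppError):
    status, public_message = 404, "Resource not found"

def handle_errors(handler):
    """Single choke point: every handler gets the same logging and response shape."""
    @functools.wraps(handler)
    def wrapper(*args, **kwargs):
        incident = uuid.uuid4().hex  # correlates the client response with the log entry
        try:
            return {"status": 200, "body": handler(*args, **kwargs)}
        except AppError as exc:
            # Detail goes to the log; the client sees the fixed public message.
            log.warning("incident=%s %s: %s", incident, type(exc).__name__, exc)
            status, message = exc.status, exc.public_message
        except Exception:
            # Unknown failure: full stack trace is logged, never returned.
            log.exception("incident=%s unhandled error", incident)
            status, message = 500, AppError.public_message
        return {"status": status, "error": message, "incident": incident}
    return wrapper

USERS = {"1": {"name": "alice"}}  # constructed sample data

def get_user_adhoc(user_id):
    """Ad-hoc style: this function invents its own handling and leaks exception text."""
    try:
        return {"status": 200, "body": USERS[user_id]["name"]}
    except Exception as exc:
        return {"status": 500, "error": repr(exc)}

@handle_errors
def get_user(user_id):
    if not user_id.isdigit():
        raise InvalidInput(f"non-numeric id {user_id!r}")
    if user_id not in USERS:
        raise NotFound(f"user {user_id} missing from USERS table")
    return USERS[user_id]["name"]
```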