Category: CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL)
Obsolete
Summary
Weaknesses in this category are related to the rules and recommendations in the Declarations and Initialization (DCL) chapter of the CERT C Secure Coding Standard (2008).
Membership
| ID | Name | Description |
|---|---|---|
| CWE-547 | Use of Hard-coded, Security-relevant Constants | This vulnerability occurs when code directly embeds security-critical values like passwords, cryptographic keys, or access levels as raw numbers or strings, instead of using named constants or configuration files. This practice makes the code brittle and error-prone during updates or security reviews. |
| CWE-628 | Function Call with Incorrectly Specified Arguments | This weakness occurs when a function is called with arguments that are incorrectly specified, causing the function to behave in an unintended and consistently wrong manner. |
| CWE-686 | Function Call With Incorrect Argument Type | This vulnerability occurs when a program calls a function or method but passes an argument of the wrong data type, which can cause unexpected behavior or security flaws. |
| CWE-734 | Weaknesses Addressed by the CERT C Secure Coding Standard (2008) | CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT C Secure Coding Standard" published in 2008. This view is considered obsolete, as a newer version of the coding standard is available. This view statically represents the coding rules as they were in 2008. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.