Category: SFP Secondary Cluster: Implementation

Incomplete
Summary

This category identifies Software Fault Patterns (SFPs) within the Implementation cluster.

Membership
| ID | Name | Description |
|----|------|-------------|
| CWE-358 | Improperly Implemented Security Check for Standard | This vulnerability occurs when software fails to correctly implement one or more critical security checks required by a standard protocol, algorithm, or security technique. |
| CWE-623 | Unsafe ActiveX Control Marked Safe For Scripting | This vulnerability occurs when an ActiveX control designed for limited use is incorrectly flagged as safe for scripting, allowing web pages to access its potentially dangerous functions. |
| CWE-710 | Improper Adherence to Coding Standards | This weakness occurs when developers don't consistently follow established coding standards and best practices, which can introduce security flaws or make existing vulnerabilities more severe. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |
| CWE-398 | 7PK - Code Quality | This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that do not directly introduce a weakness or vulnerability, but indicate that the product has not been carefully developed or maintained. According to the authors of the Seven Pernicious Kingdoms, "Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an adversary it provides an opportunity to stress the system in unexpected ways." |

Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.