CWE-1044: Architecture with Number of Horizontal Layers Outside of Expected Range
ID
CWE-1044
Abstraction
Base
Structure
Simple
Status
Incomplete
The product's architecture contains too many - or too few -
horizontal layers.
This issue makes it more difficult to maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.
While the interpretation of "expected range" may vary for each product or developer, CISQ recommends a default minimum of 4 layers and maximum of 8 layers.
Modes of Introduction
Phase | Note |
---|---|
Architecture and Design |
Loading...