CWE-1085: Invokable Control Element with Excessive Volume of Commented-out Code

ID CWE-1085

Abstraction Base

Structure Simple

Status Incomplete

A function, method, procedure, etc. contains an excessive amount of code that has been commented out within its body.

This issue makes it more difficult to maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.

While the interpretation of "excessive volume" may vary for each product or developer, CISQ recommends a default threshold of 2% of commented code.

Relationships

View			Weakness
# ID	View	Status	# ID	Name	Abstraction	Structure	Status
CWE-1000	Research Concepts	Draft	CWE-1078	Inappropriate Source Code Style or Formatting	Class	Simple	Incomplete