Reliability Weakness Descriptions
This document presents descriptions of the 29 weaknesses contained in the CISQ Automated
Quality Characteristic Measure for Reliability. These descriptions have been simplified from
their description in the published OMG® specification that used formalisms from other OMG
meta-models to specify the weaknesses for representation in machine-processable XMI
notation. The tables below present each weakness with its unique CISQ identifier, a brief
descriptive name, and a fuller description of the weakness presented as a recommendation for
remediation.
Reliability Weaknesses
a measure of the extent to which software contains weaknesses that cause outages, unexpected
behavior, instability, data corruption, long recovery times, or other related problems.
CISQ identifier Descriptor Remediation
ASCRM-CWE-120
Buffer overflow
Remove instances where the content of the first buffer
is moved into the content of the second buffer while
their allocated sizes are incompatible
ASCRM-CWE-252-
data
Unchecked return
parameter from data
handling operations
Remove instances where a function, method,
procedure, stored procedure, sub-routine, etc. executes
a CRUD SQL statement, yet the return code value of the
action is not checked anywhere
ASCRM-CWE-252-
resource
Unchecked return
parameter from
resource handling
operations
Remove instances where a function, method,
procedure, stored procedure, sub-routine, etc. reads,
writes, or manages an external resource, yet the return
code value of the action is not checked anywhere
ASCRM-CWE-396
Catch of overly broad
exception types
Remove instances where a function, method,
procedure, stored procedure, sub-routine, etc. contains
a catch of an exception whose type is part of a list of
overly broad exception types
ASCRM-CWE-397
Throw of overly
broad exception
types
Remove instances where a function, method,
procedure, stored procedure, sub-routine, etc. throws
an exception whose type is part of a list of overly broad
exception types
ASCRM-CWE-456
Uninitialized data
element
Remove instances where a variable, field, member, etc.
is declared, then is evaluated without ever being
initialized prior to the evaluation
ASCRM-CWE-674
Recursion
Remove instances in which a control element initiates
an execution path that contains itself
ASCRM-CWE-704
Incompatible data
type conversion
Remove instances where a variable, field, member, etc.
is declared with a data type, and then is updated with a
value from a second data type that is incompatible with
the first data type
