| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-16776 | APP2060 | SV-17776r1_rule | DCSQ-1 | Medium |
| Description |
|---|
| Implementing coding standards provides many benefits to the development process. These benefits include readability, consistency, and ease of integration. Code conforming to a standard format is easier to read, especially if someone other than the original developer is examining the code. In addition, formatted code can be debugged and corrected faster than unformatted code. Introducing coding standards can help increase the consistency, reliability, and security of the application by ensuring common programming structures and tasks are handled by similar methods, as well as reducing the occurrence of common logic errors. Coding standards also allow developers to quickly adapt to code which has been developed by various members of a development team. Coding standards are useful in the code review process as well as in situations where a team member leaves and duties must then be assigned to another team member. Coding standards often cover the use of white space characters, variable naming conventions, function naming conventions, and comment styles. |
| STIG | Date |
|---|---|
| Application Security and Development Checklist | 2014-01-07 |
| Check Text (C-17752r1_chk) |
|---|
| The Program Manager will ensure the development team follows a set of coding standards. The Program Manager will ensure the development team creates a list of unsafe functions to avoid and documents this list in the coding standards. The Designer will follow the coding standards established for the project. The Designer will not use unsafe functions documented in the project coding standards. If the application is a COTS/GOTS product or is composed of only COTS/GOTS products with no custom code, this check does not apply unless the application is being reviewed by or in conjunction with the COTS/GOTS vendor, in which case this check is applicable. Interview the application representative to determine if a documented set of coding standards exists. Ask the application representative to demonstrate that the coding standards are being followed by reviewing a sample of code. Also, check the coding standards for a list of unsafe functions or a section documenting that there are no unsafe functions. 1) If no coding standards exist at an organizational or project level, it is a finding. 2) If documented coding standards are not being followed, it is a finding. 3) If there is no documented list of unsafe functions, or the coding standards do not document that there are no unsafe functions (for that particular language), it is a finding. |
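The check above asks the reviewer to confirm, from a sample of code, that the documented list of unsafe functions is actually avoided. One way a project can make that evidence repeatable is a small scanner that reads the banned-function list from the coding standards and flags every call site. The following is an added example, not part of the STIG or of any project's tooling; the banned C function names and the sample source are constructed here for illustration, and a real project would take its list from its own documented standard.

```python
"""Scan C-style source for calls to functions a coding standard bans.

Added example for the STIG check above; the banned list and sample
source are constructed for illustration and are not from the STIG.
"""
import re
from pathlib import Path

# Constructed example list. In practice this comes from the project's
# documented coding standards, which the STIG check asks to see.
BANNED_FUNCTIONS = {
    "gets": "no bound on input; use fgets with an explicit buffer size",
    "strcpy": "no bound on copy; use a length-bounded copy such as snprintf",
    "sprintf": "no bound on output; use snprintf with a bounded length",
}

# Identifier immediately followed by an opening parenthesis, i.e. a call.
# \b keeps 'fgets(' from matching the banned 'gets'.
CALL_RE = re.compile(r"\b([A-Za-z_][A-Za-z0-9_]*)\s*\(")


def find_banned_calls(source, banned=BANNED_FUNCTIONS):
    """Return a list of (line_number, function_name, advice) for each banned call.

    Trailing '//' comments are ignored so commented-out code is not reported.
    Block comments and string literals are not parsed; a production scanner
    would use a real tokenizer, but this is enough to demonstrate the check.
    """
    hits = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        code = line.split("//", 1)[0]
        for match in CALL_RE.finditer(code):
            name = match.group(1)
            if name in banned:
                hits.append((lineno, name, banned[name]))
    return hits


def is_compliant(source, banned=BANNED_FUNCTIONS):
    """True when the source contains no calls to banned functions."""
    return not find_banned_calls(source, banned)


def scan_paths(paths, banned=BANNED_FUNCTIONS):
    """Scan files on disk; returns {path: hits} for files with findings only."""
    findings = {}
    for path in paths:
        text = Path(path).read_text(encoding="utf-8", errors="replace")
        hits = find_banned_calls(text, banned)
        if hits:
            findings[str(path)] = hits
    return findings


# Constructed sample source: two banned calls, one commented-out call that
# must not be reported, and one safe call (fgets) that must not be confused
# with the banned gets.
SAMPLE_SOURCE = "\n".join([
    "#include <stdio.h>",                       # line 1
    "#include <string.h>",                      # line 2
    "",                                         # line 3
    "int read_name(char *out) {",               # line 4
    "    char buf[64];",                        # line 5
    "    gets(buf);",                           # line 6: banned
    "    strcpy(out, buf);",                    # line 7: banned
    "    // strcpy(out, buf);  old version",    # line 8: comment, ignored
    "    fgets(buf, sizeof buf, stdin);",       # line 9: safe
    "    return 0;",                            # line 10
    "}",                                        # line 11
])


if __name__ == "__main__":
    for lineno, name, advice in find_banned_calls(SAMPLE_SOURCE):
        print(f"line {lineno}: {name}() is banned by the coding standard; {advice}")
    print("compliant" if is_compliant(SAMPLE_SOURCE) else "not compliant")
```

Run as a script, it reports the two banned calls on lines 6 and 7 of the constructed sample and marks it non-compliant; `scan_paths` applies the same check to real files, which is the form a reviewer would run against the code sample requested by the check.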
| Fix Text (F-16973r1_fix) |
|---|
| Adopt and document coding standards. |