Each rule and recommendation in a secure coding standard has an assigned priority. Priorities are assigned using a metric based on Failure Mode, Effects, and Criticality Analysis (FMECA) \[[IEC 60812|AA. C References#IEC 60812 2006]\]. Three values are assigned for each rule on a scale of 1 to 3 for
- severity - how serious are the consequences of the rule being ignored
1 = low (denial-of-service attack, abnormal termination)
2 = medium (data integrity violation, unintentional information disclosure)
3 = high (run arbitrary code)
...
- remediation cost - how expensive is it to comply with the rule
1 = high (manual detection and correction)
2 = medium (automatic detection and manual correction)
3 = low (automatic detection and correction)
...