Each rule and recommendation in a secure coding standard has an assigned priority. Priorities are assigned using a metric based on Failure Mode, Effects, and Criticality Analysis (FMECA). Each rule is assigned three values, each on a scale of 1 to 3, for:

  • severity - how serious are the consequences of the rule being ignored;
    1 = low (denial-of-service attack, abnormal termination)
    2 = medium (data integrity, unintentional information disclosure)
    3 = high (run arbitrary code)

...