...
Detecting code that should be considered privileged or sensitive requires programmer assistance. Given identified privileged code as a starting point, automated tools could compute the closure of all code that can be invoked from that point. Such a tool could plausibly determine whether all code in that closure exists within a single package. A further check of whether the package is sealed appears feasible.
Related
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CWE ID 349, "Acceptance of Extraneous Untrusted Data With Trusted Data" |
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="fa7dfba9e9dd9fcd-b433ca4f-4acf4b77-bfa79eb2-866d79fb628c0cb3c1c43be8"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="83aafde9e046a4b4-57816c48-4d0942ff-8395a729-1ae5da54fb6aa55dd5ac8a5a"><ac:plain-text-body><![CDATA[ | [[McGraw 1999 | AA. Bibliography#Ware 99]] | Rule 7: If You Must Sign Your Code, Put It All in One Archive File (sic) | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="fe6d4ac8b1d44fce-25ab3a1a-423f4562-87bfbbca-faa452acfe32b397aceb280d"><ac:plain-text-body><![CDATA[ | [[Ware 2008 | AA. Bibliography#Ware 08]] |
| ]]></ac:plain-text-body></ac:structured-macro> |
...