Some APIs intentionally return a null reference to indicate that instances are unavailable. This practice can lead to denial-of-service vulnerabilities when the client code fails to explicitly handle the null return case. A null reference is an example of an in-band error indicator, which is discouraged by ERR52-JG. Avoid in-band error indicators.
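The failure mode described above, as an added Java example that is not code from the original page. `Inventory`, `getStockOrNull`, `getStock` and the two client methods are hypothetical names, and returning an empty collection is shown as one common alternative to the null return.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class NullReturnDemo {
    // Hypothetical inventory type; none of these names come from the original page.
    static final class Inventory {
        private final List<String> items = new ArrayList<>();

        // Risky API: null stands in for "nothing available".
        List<String> getStockOrNull() {
            return items.isEmpty() ? null : items;
        }

        // Safer API: an empty, unmodifiable view means "nothing available".
        List<String> getStock() {
            return Collections.unmodifiableList(items);
        }
    }

    // Client that forgets the null case: dereferences null when the inventory is empty.
    static int countUnchecked(Inventory inv) {
        return inv.getStockOrNull().size();
    }

    // Same client logic against the empty-collection API: no special case to forget.
    static int countSafe(Inventory inv) {
        return inv.getStock().size();
    }

    public static void main(String[] args) {
        Inventory empty = new Inventory();
        try {
            countUnchecked(empty);
        } catch (NullPointerException e) {
            // Left uncaught in a server, this aborts the request or ends the worker thread.
            System.out.println("unchecked client failed: NullPointerException");
        }
        System.out.println("safe client count: " + countSafe(empty));
    }
}
```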
Noncompliant Code Example
...