CWE-1085: Invokable Control Element with Excessive Volume of Commented-out Code

Description

A function, method, procedure, etc. contains an excessive amount of code that has been commented out within its body.

Extended Description

This issue makes it more difficult to maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities. While the interpretation of "excessive volume" may vary for each product or developer, CISQ recommends a default threshold of 2% of commented code.

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

Observed Examples (CVEs)

No observed examples available.

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
None listed.

Common Consequences

Impact: Reduce Maintainability — Notes:

Potential Mitigations

None listed.

Applicable Platforms

None listed.

Demonstrative Examples

N/A

Notes

No notes available.

← Back to CWE list