All the variables in the source code must be explicitly initialized.
This requirement is verified in following services
- CWE™-456. Missing initialization of a variable
- CWE™-457. Use of uninitialized variable
- CERT-C-EXP33-C. Do not read uninitialized memory
- MITRE ATT&CK®-M1013. Application developer guidance
- ISO/IEC 27002-8_28. Secure coding
- NIST SSDF-PW_5_1. Archive and protect each software release
- OWASP SAMM-IR_3. Code review process to discover language-level and application-specific risks
- C2M2-9_4_d. Implement software security for cybersecurity architecture
- ISO/IEC 27001-8_28. Secure coding
Search for vulnerabilities in your apps for free with our automated security testing! Start your 21-day free trial and discover the benefits of our Continuous Hacking Machine Plan. If you prefer a full service that includes the expertise of our ethical hackers, don't hesitate to contact us for our Continuous Hacking Squad Plan.