||The product uses a mechanism that automatically optimizes code, e.g. to improve a characteristic such as performance, but the optimizations can have an unintended side effect that might violate an intended security assumption.
||The product uses an automated mechanism such as machine learning to recognize complex data inputs (e.g. image or audio) as a particular concept or category, but it does not properly detect or handle inputs that have been modified or constructed in a way that causes the mechanism to detect a different, incorrect concept.
||If a form bean does not extend an ActionForm subclass of the Validator framework, it can expose the application to other weaknesses related to insufficient input validation.
||The software has multiple functions, methods, procedures, macros, etc. that
contain the same code.
||The code contains a member element that is declared as static (but not final), in which
its parent class element
is not a singleton class - that is, a class element that can be used only once in
the 'to' association of a Create action.
||The software uses a data element that has an excessively large
number of sub-elements with non-primitive data types such as structures or aggregated objects.
||The software's architecture contains too many - or too few -
||A parent class has a virtual destructor method, but the parent has a child class that does not have a virtual destructor.
||The software creates an immutable text string using string concatenation operations.
||The software contains modules in which one module has references that cycle back to itself, i.e., there are circular dependencies.