||The software uses a dedicated, central data manager component as required by design, but it contains code that performs data-access operations that do not use this data manager.
||The code contains a function or method that
operates in a multi-threaded environment but owns an unsafe non-final
static storable or member data element.
||The documentation, whether on paper or in electronic form, does
not contain descriptions of all the relevant elements of the product, such as
its usage, structure, interfaces, design, implementation, configuration,
||When an application does not use an input validation framework such as the Struts Validator, there is a greater risk of introducing weaknesses related to insufficient input validation.
||The software performs too many data queries without using efficient data processing functionality such as stored procedures.
||The software does not sufficiently hide the internal representation and implementation details of data or methods, which might allow external components or modules to modify data unexpectedly, invoke unexpected functionality, or introduce dependencies that the programmer did not intend.
||The code has a parent class that contains references to a child class, its methods, or its members.
||A static code block creates an instance of a class.
||The software contains a function, subroutine, or method whose signature has an unnecessarily large number of
||The application uses deployed components from application servers, but it also uses low-level functions/methods for management of resources, instead of the API provided by the application server.