CWE-487

Reliance on Package-level Scope

Base
Incomplete

Description

Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.

The purpose of package scope is to prevent accidental access by other parts of a program. This is an ease-of-software-development feature but not a security feature.

Common Consequences

Scope: Confidentiality
Impact: Read Application Data

Scope: Integrity
Impact: Modify Application Data

Potential Mitigations

Architecture and Design
Implementation

Data should be private, static, and final whenever possible. This ensures that your code is protected by instantiating early, preventing access and tampering.
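
The contrast between relying on package scope and applying the mitigation above, as an added example that is not part of the original CWE entry. The package name, class names and rate values are hypothetical, and Java 9 or later is assumed for Map.of.

```java
// Added example; com.example.billing and every class name here are hypothetical.
package com.example.billing;

import java.util.HashMap;
import java.util.Map;

// BEFORE: relies on package scope to protect pricing data.
class RateTableWeak {
    // Package-private, mutable, non-final: any class that declares
    // "package com.example.billing;" can read it, edit it or replace it.
    static Map<String, Integer> centsPerUnit = new HashMap<>();
    static { centsPerUnit.put("standard", 500); }

    static int price(String tier, int units) {
        return centsPerUnit.get(tier) * units;
    }
}

// AFTER: private static final, initialized once at class load, immutable contents.
final class RateTable {
    private static final Map<String, Integer> CENTS_PER_UNIT = Map.of("standard", 500);

    private RateTable() {}

    static int price(String tier, int units) {
        Integer rate = CENTS_PER_UNIT.get(tier);
        if (rate == null) throw new IllegalArgumentException("unknown tier: " + tier);
        return Math.multiplyExact(rate, units);
    }
}

// Stands in for a class from a different JAR that declares the same package name.
class UntrustedPlugin {
    static void run() {
        RateTableWeak.centsPerUnit.put("standard", 0);   // compiles: package scope allows it
        // RateTable.CENTS_PER_UNIT.put("standard", 0);  // does not compile: private access
    }
}

public class PackageScopeDemo {
    public static void main(String[] args) {
        int before = RateTableWeak.price("standard", 3);
        UntrustedPlugin.run();
        System.out.println("weak:     " + before + " -> " + RateTableWeak.price("standard", 3));
        System.out.println("hardened: " + RateTable.price("standard", 3));
    }
}
```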

Applicable Platforms

Java
