CWE-500

Public Static Field Not Marked Final

Variant
Draft

Description

An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways.

Public static variables can be read without an accessor and changed without a mutator by any classes in the application.

Common Consequences

Scope: Integrity
Impact: Modify Application Data

Scope: Confidentiality
Impact: Read Application Data

Potential Mitigations

Architecture and Design

Clearly identify the scope for all critical data elements, including whether they should be regarded as static.

Implementation

Make any static fields private and constant. A constant field is denoted by the keyword 'const' in C/C++ and 'final' in Java.
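The weak pattern and the mitigation side by side in C++, as an added example that is not part of the CWE entry. The class names, the login-attempt limit and the helper functions are hypothetical.

```cpp
// Added illustration of CWE-500; every name here is hypothetical.
#include <iostream>

// Weak: a public static data member that is not const. Any code in the
// program can read and overwrite it without going through a mutator.
struct WeakConfig {
    static int maxLoginAttempts;
};
int WeakConfig::maxLoginAttempts = 3;

// Hardened: the value is private and constant; readers use an accessor.
class HardenedConfig {
public:
    static int maxLoginAttempts() { return kMaxLoginAttempts; }
private:
    static constexpr int kMaxLoginAttempts = 3;
};

// Unrelated code (a buggy helper, a third-party component) that changes
// the shared limit, whether by mistake or on purpose.
void unrelatedModule() {
    WeakConfig::maxLoginAttempts = 1000000;  // compiles; policy silently changes
    // HardenedConfig::kMaxLoginAttempts = 1000000;  // rejected: private and const
}

// Lockout decisions driven by each configuration.
bool weakLockedOut(int failures) {
    return failures >= WeakConfig::maxLoginAttempts;
}
bool hardenedLockedOut(int failures) {
    return failures >= HardenedConfig::maxLoginAttempts();
}

int main() {
    std::cout << std::boolalpha;
    std::cout << "before: weak=" << weakLockedOut(5)
              << " hardened=" << hardenedLockedOut(5) << "\n";
    unrelatedModule();
    std::cout << "after:  weak=" << weakLockedOut(5)
              << " hardened=" << hardenedLockedOut(5) << "\n";
    return 0;
}
```

After `unrelatedModule()` runs, the check that depends on the public non-const field no longer locks the account, while the check backed by the private constant is unchanged.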

Applicable Platforms

C++
Java
