CWE-1044 - Architecture with Number of Horizontal Layers Outside of Expected Range
- Abstraction:Base
- Structure:Simple
- Status:Incomplete
- Release Date:2019-01-03
- Latest Modification Date:2024-02-29
Weakness Name
Architecture with Number of Horizontal Layers Outside of Expected Range
Description
The product's architecture contains too many - or too few - horizontal layers.
This issue makes it more difficult to maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities. While the interpretation of "expected range" may vary for each product or developer, CISQ recommends a default minimum of 4 layers and maximum of 8 layers.
Common Consequences
Scope: Other
Impact: Reduce Maintainability