CWE-1085β€”Invokable Control Element with Excessive Volume of Commented-out Code

PUBLISHEDweakness record
released 2019-01-03 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-1085
Abstraction:
Base
Structure:
Simple
Status:
Incomplete
Release Date:
2019-01-03
Latest Modification Date:
2025-12-11

Weakness Name

Invokable Control Element with Excessive Volume of Commented-out Code

Description

A function, method, procedure, etc. contains an excessive amount of code that has been commented out within its body.

While the interpretation of "excessive volume" may vary for each product or developer, CISQ recommends a default threshold of 2% of commented code.

Common Consequences

Scope:
Other
Impact:
Reduce Maintainability
Notes:
This issue makes it more difficult to maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.

Related Weaknesses