Skip to content
ATO Pathways
Log In
Overview
Search
Catalogs
SCAP
OSCAL
Catalogs
Profiles
Documents
References
Knowledge Base
Platform Documentation
Compliance Dictionary
Platform Changelog
About
Catalogs
XCCDF
Application Security and Development Security Technical Implementation Guide
SRG-APP-000516
The application must not be vulnerable to race conditions.
The application must not be vulnerable to race conditions.
An XCCDF Rule
Details
Profiles
Prose
The application must not be vulnerable to race conditions.
Medium Severity
<VulnDiscussion>A race condition is a timing event within an application that can become a security vulnerability. A race condition can occur when a pair of programming calls operating simultaneously do not work in a sequential or coordinated manner. A race condition is a timing event within software that can become a security vulnerability if the calls are not performed in the correct order. There are different types of race conditions and they are dependent upon the action that the application is undertaking when the race condition occurs. Some examples of race conditions include but are not limited to: - Time of check, time of use: the time in which a given resource is checked, and the time that resource is used. - Thread based: two threads of execution use a resource simultaneously, resource may be invalid when used. - Switch based: variable switches values while switch statement is in progress. Developers must be cognizant of programming sequence and use sanity checks to validate data prior to acting upon it. A code review or a static code analysis is the method used to identify race conditions.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>