It also provides details on various issues and problems that the security aspects cover and they help in understanding why a particular Quality Rule has been marked under the Security Health Factor.
Please refer to the below pages in the documentation which are helpful in knowing the problems that are associated to the Application Security -
1. Support of the CISQ/OMG Automated Source Code Measurement Standards: This link provides the documentation on the Measurement Standards for every technology like JEE, .NET, SAP, COBOL, etc.
2. Supported Security Standards: This link provides the documentation on the Supported Security standards by CAST AIP. It describes the security flaws that are covered by the standards like Cross Site Scripting, Injection Flaws, Insecure Cryptographic Storage, etc. It also describes how CAST AIP covers all these flaws and their detailed description.