CMS Assessment Model - Information - Why does Quality rule Avoid many-to-many association belong to health factor Security
Created by user-32741 on Feb 11, 2022
This page explains why the Quality Rule "Avoid many-to-many association" belongs to the Security health factor.
Applicable in CAST Version
Microsoft SQL Server
The Quality Rule "Avoid many-to-many association" is included in the Security Index because it is part of the "Architecture - Multi-Layers and Data Access" Technical Criterion. This follows from the structure of our Assessment Model: the mapping of Quality Rules to Technical Criteria and the mapping of Technical Criteria to Business Criteria are independent. It's a mesh, not a tree.
As such, a rule that contributes (indirectly) to the Security index must not be considered a security hole in itself. Rather, we make a global assessment of the application on a Technical aspect (here, how well architected the application's data access is). We then estimate that this Technical assessment contributes with a given importance to the global Security score, together with the assessments done on other aspects. However, if this particular rule is not relevant to your application, or should not be considered so critical, you can always customize the Assessment Model locally.
Document generated by Confluence on Feb 09, 2024 16:42