CWE-511
Logic/Time Bomb
Description
The product contains code that is designed to disrupt the legitimate operation of the product (or its environment) when a certain time passes, or when a certain logical condition is met.
When the time bomb or logic bomb is detonated, it may perform a denial of service such as crashing the system, deleting critical data, or degrading system response time. This bomb might be placed within either a replicating or non-replicating Trojan horse.
Consequences
Other, Integrity
—
Varies by Context, Alter Execution Logic
Mitigations
Phase: Installation
Always verify the integrity of the product that is being installed.
Detection
Automated Static Analysis
Conduct a code coverage analysis using live testing, then closely inspect any code that is not covered.