Delivering code in production with debug features activated is security-sensitive. It has led in the past to the following vulnerabilities:

* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999007[CVE-2018-1999007]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5306[CVE-2015-5306]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2006[CVE-2013-2006]

Debug statements (ones with 'D' or 'd'  in the indicator area) should not be executed in production, but the ``++WITH DEBUGGING MODE++`` clause activates all debug lines, which could expose sensitive information to attackers.

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

----
SOURCE-COMPUTER. IBM-370 WITH DEBUGGING MODE.
----

== Compliant Solution

----
SOURCE-COMPUTER. IBM-370.
----

include::../see.adoc[]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::message.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]