== Why is this an issue?

The ``++DEBUG(*YES)++`` and ``++DUMP++`` statements are useful during development and debugging, but could expose sensitive information to attackers and should not be included in production code. 


=== Noncompliant code example

[source,rpg]
----
   H*------------------------------------------------------------------------- 
   H   DATEDIT(*YMD) DEBUG(*YES)                                               
   H**************************************************************************

   C     SR990         BegSR                                                                   
   C     'CVTERR'      DUMP                                                   DUMP for error
   C                   Move      *on           *INLR                                          
----


=== Compliant solution

[source,rpg]
----
   H*------------------------------------------------------------------------- 
   H   DATEDIT(*YMD) 
   H**************************************************************************

   C     SR990         BegSR                                                                   
   C                   Move      *on           *INLR                                          
----


== Resources

* https://www.owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[OWASP Top 10 2017 Category A3] - Sensitive Data Exposure
* https://cwe.mitre.org/data/definitions/489[MITRE, CWE-489] - Active Debug Code

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Remove this use of "XXX"


endif::env-github,rspecator-view[]