== Why is this an issue?

Debug statements (ones with 'D' or 'd'  in the indicator area) should not be executed in production, but the ``++WITH DEBUGGING MODE++`` clause activates all debug lines, which could expose sensitive information to attackers. Therefore the ``++WITH DEBUGGING MODE++`` clause should be removed.


=== Noncompliant code example

[source,cobol]
----
SOURCE-COMPUTER. IBM-370 WITH DEBUGGING MODE.
----


=== Compliant solution

[source,cobol]
----
SOURCE-COMPUTER. IBM-370.
----


== Resources

* OWASP - https://owasp.org/www-project-top-ten/2017/A3_2017-Sensitive_Data_Exposure[Top 10 2017 Category A3 - Sensitive Data Exposure]
* CWE - https://cwe.mitre.org/data/definitions/489[CWE-489 - Active Debug Code]

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Remove this clause activating debugging mode


endif::env-github,rspecator-view[]