Delivering code in production with debug features activated is security-sensitive. It has led in the past to the following vulnerabilities:

* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1999007[CVE-2018-1999007]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5306[CVE-2015-5306]
* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2006[CVE-2013-2006]

The ``DEBUG(*YES)`` and ``DUMP`` statements are useful during development and debugging, but could expose sensitive information to attackers and should not be included in production code. 

include::../ask-yourself.adoc[]

include::../recommended.adoc[]

== Sensitive Code Example

----
   H*------------------------------------------------------------------------- 
   H   DATEDIT(*YMD) DEBUG(*YES)                                               
   H**************************************************************************

   C     SR990         BegSR                                                                   
   C     'CVTERR'      DUMP                                                   DUMP for error
   C                   Move      *on           *INLR                                          
----

== Compliant Solution

----
   H*------------------------------------------------------------------------- 
   H   DATEDIT(*YMD) 
   H**************************************************************************

   C     SR990         BegSR                                                                   
   C                   Move      *on           *INLR                                          
----

include::../see.adoc[]