# Usage of insufficient random value

## Overview

* **Rule ID**: `java_lang_insufficiently_random_values`
* **Applicable Languages**: Java
* **Weakness ID**: CWE-330

## Description

Employing predictable random values undermines application security, especially when these values are used for security-sensitive purposes.

## Remediation Guidelines

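* **Do** use a cryptographically secure random number generator, such as `java.security.SecureRandom`, when generating random values for security-sensitive purposes.

  ```java
  import java.security.SecureRandom;
  SecureRandom random = new SecureRandom(); // cryptographically strong generator
  ```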
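
The following is an added example, not part of the rule's own documentation. It contrasts a token built from `java.util.Random`, a non-cryptographic generator whose output is fully determined by its seed, with one built from `SecureRandom`. The class name, method names, token sizes and seed value are assumptions chosen for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

public class TokenExample {

    // Flagged pattern: java.util.Random is a linear congruential generator.
    // The same seed always yields the same output, so a guessable seed
    // (here, a timestamp) makes the token guessable too.
    static String weakToken(long seed) {
        byte[] buf = new byte[16];
        new Random(seed).nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    // Remediated pattern: SecureRandom draws from a cryptographically strong
    // source. Create one instance and reuse it; no manual seeding is needed.
    private static final SecureRandom SECURE = new SecureRandom();

    static String strongToken() {
        byte[] buf = new byte[32]; // 256 random bits
        SECURE.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    public static void main(String[] args) {
        long seed = 1700000000000L; // constructed sample value, e.g. a request timestamp
        // Two independent computations from the same seed produce the same token.
        System.out.println("weak tokens equal:   " + weakToken(seed).equals(weakToken(seed)));
        // Two SecureRandom tokens are independent draws.
        System.out.println("strong tokens equal: " + strongToken().equals(strongToken()));
    }
}
```

When reviewing a finding from this rule, check what the random value feeds into: session identifiers, password-reset tokens, keys, nonces and similar values need the `SecureRandom` form.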

## References

* [**Java SecureRandom class**](https://docs.oracle.com/en/java/javase/20/docs/api/java.base/java/security/SecureRandom.html)
* [**CWE-330: Use of Insufficiently Random Values**](https://cwe.mitre.org/data/definitions/330.html)
* [**OWASP Top 10: A02:2021 - Cryptographic Failures**](https://owasp.org/Top10/A02_2021-Cryptographic_Failures/)

## Configuration

To omit this rule during a scan, and for continuous 24/7 code-level scanning, you can use our [**SAST TOOL**](https://scopy.sec1.io/login).
