The program uses hard-coded constants instead of symbolic names
					for security-critical values, which increases the likelihood of mistakes during
					code maintenance or security policy change.If the developer does not find all occurrences of the hard-coded
						constants, an incorrect policy decision may be made if one of the constants
						is not changed. Making changes to these values will require code changes
						that may be difficult or impossible once the system is released to the
						field. In addition, these hard-coded values may become available to
						attackers if the code is ever disclosed.