R330. Verify Subresource Integrity
The application must verify the integrity of all externally hosted resources and dependencies using Subresource Integrity (SRI).
Applications often use resources or have dependencies that are hosted on external servers such as a content delivery network (CDN). Applications must validate the integrity of such assets using Subresource Integrity (SRI), in case those systems are compromised.
CWE-353: Missing Support for Integrity Check The software uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.
CWE-494: Download of Code Without Integrity Check The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.