Systems often run code (like JavaScript on a website) without real-time human review.
Flaws in the containment models of Category 2 code can allow it to reach sensitive data it should not see.

DoD Mobile Code Risk Categories
Code with limited access to system resources, typically operating within a controlled containment model or "sandbox".
Historically, this included ActiveX and Shockwave Flash, which could operate outside a restricted "sandbox" environment to interact directly with the operating system.
Generally allowed if the technology has a proven history of security and operates strictly within its intended sandbox.

Category 3: Restricted Functionality (Lowest Risk)
The Department of Defense (DoD) categorizes mobile code (software like JavaScript or ActiveX that downloads and executes automatically) based on its functionality and the potential threat it poses to information systems. These risk categories help determine which technologies are safe for use on government workstations and remote servers.