#8 - Software and data integrity failures

An API that deserializes hostile or tampered objects supplied by an attacker becomes vulnerable. The Clinical Data API should either refuse serialized objects from untrusted sources, or use only serialization formats that permit nothing but primitive data types.
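The second option, sketched as an added example (not code from the Clinical Data API): a request body is parsed as JSON, which can only yield primitives, lists and dicts, and is then checked against a strict schema. The field names, the size limit and the function names are assumptions made for illustration, and Python is used because the page does not name an implementation language.

```python
import json

# Hypothetical schema for one clinical observation (assumption, not from the page):
# field name -> the only primitive type accepted for it.
SCHEMA = {"patient_id": str, "loinc_code": str, "value": float, "unit": str}
MAX_BODY_BYTES = 4096


class RejectedPayload(ValueError):
    """Raised when a request body is not a plain, schema-conforming JSON object."""


def _no_duplicate_keys(pairs):
    # json.loads silently keeps the last duplicate key; reject instead so a
    # validator and a downstream consumer can never disagree on the value.
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        raise RejectedPayload("duplicate key")
    return dict(pairs)


def _reject_constant(name):
    # NaN / Infinity are not valid JSON, but Python's parser accepts them by default.
    raise RejectedPayload(f"non-standard constant {name}")


def parse_observation(body: bytes) -> dict:
    """Parse an untrusted request body into a dict of primitives only."""
    if len(body) > MAX_BODY_BYTES:
        raise RejectedPayload("body too large")
    try:
        doc = json.loads(body.decode("utf-8"), object_pairs_hook=_no_duplicate_keys,
                         parse_constant=_reject_constant)
    except (UnicodeDecodeError, json.JSONDecodeError, RecursionError) as exc:
        raise RejectedPayload(f"not valid JSON: {exc}") from exc
    if not isinstance(doc, dict) or set(doc) != set(SCHEMA):
        raise RejectedPayload("unexpected or missing fields")
    for field, expected in SCHEMA.items():
        value = doc[field]
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(value, bool):
            raise RejectedPayload(f"{field}: bool not allowed")
        if expected is float and isinstance(value, int):
            value = doc[field] = float(value)
        if not isinstance(value, expected):
            raise RejectedPayload(f"{field}: expected {expected.__name__}")
    return doc
```

Nothing in this path can instantiate a class chosen by the sender, which is the property a native object serializer cannot give for untrusted input.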