
CWE & SANS TOP 25 Most Dangerous Programming Errors

"Most of the vulnerabilities that hackers exploit to attack Web sites and corporate servers are usually the result of common and well-understood programming errors.

A list of 25 of the most serious such coding errors is scheduled to be released later today by a group of 30 high-profile organizations, including Microsoft, Symantec, the U.S. Department of Homeland Security (DHS) and the National Security Agency's Information Assurance Division. The initiative was coordinated by the SANS Institute and The MITRE Corp., a federally funded research-and-development center.

The unusual announcement is designed to focus attention on insecure software-development practices and ways to avoid those practices, SANS officials said in a statement. The goal in releasing the list is to give software buyers, developers and training programs a tool they can use to identify programming errors known to pose serious security risks, they said." - ComputerWorld

SANS Top 25 List: http://www.sans.org/top25errors/
http://cwe.mitre.org/top25/pdf/2009_cwe_sans_top_25.pdf (PDF)
Computerworld Article: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9125678&intsrc=news_ts_head

