“Most of the vulnerabilities that hackers exploit to attack Web sites and corporate servers are usually the result of common and well-understood programming errors.

A list of 25 of the most serious such coding errors is scheduled to be released later today by a group of 30 high-profile organizations, including Microsoft, Symantec, the U.S. Department of Homeland Security (DHS) and the National Security Agency’s Information Assurance Division. The initiative was coordinated by the SANS Institute and The MITRE Corp., a federally funded research-and-development center.

The unusual announcement is designed to focus attention on insecure software-development practices and ways to avoid those practices, SANS officials said in a statement. The goal in releasing the list is to give software buyers, developers and training programs a tool they can use to identify programming errors known to pose serious security risks, they said.” – ComputerWorld
SANS Top 25 List: http://www.sans.org/top25errors/
CWE/SANS Top 25 (PDF): http://cwe.mitre.org/top25/pdf/2009_cwe_sans_top_25.pdf
Computerworld Article: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9125678&intsrc=news_ts_head