The Common Weakness Enumeration Compatibility and Effectiveness Program has just posted its annual “2010 CWE/SANS Top 25 Most Dangerous Programming Errors.”
Just as the title says, it’s an attempt to pin down the software errors that are the most dangerous. The code is where all the vulnerabilities we deal with start. A vast number of attacks are successful because of security weaknesses in the operating systems and applications we use. Failure to patch is one of the chief ways to make yourself a victim of malcode.
The page focuses on different groups who may use its data and has suggestions for:
— Programmers new to security
— Programmers who are experienced in security
— Software project managers
— Software testers
— Software customers
— Users of the 2009 Top 25
“The 2010 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.”
The list has been put together by the SANS Institute, MITRE and many top software security experts in the US and Europe.
Here at Sunbelt Software, we pay close attention to it.