Information Security News mailing list archives

The 25 Most Dangerous Programming Errors


From: InfoSec News <alerts () infosecnews org>
Date: Tue, 13 Jan 2009 00:01:11 -0600 (CST)

http://www.bankinfosecurity.com/articles.php?art_id=1154

By Linda McGlasson
Managing Editor
Bank Info Security
January 12, 2009

As banking regulators emphasize the necessity of application security, a 
broad-based consortium now sheds new light on the most common 
vulnerabilities.

Experts from more than 30 U.S. and international cyber security 
organizations, including the National Security Agency and the Department 
of Homeland Security's National Cyber Security Division, have just 
released a list of the 25 most dangerous programming errors [1] that can 
lead to security bugs and enable cyber crime.

The panel of experts - including thought-leaders from Symantec, 
Microsoft and Purdue University - worked since last September on this 
project, breaking down the 25 errors into three categories:

* Insecure Interaction Between Components;

* Risky Resource Management;

* Porous Defense.

[1] http://www.bankinfosecurity.com/external/2009_cwe_sans_top_25.pdf

[...]

