Secure Coding mailing list archives

CWE/SANS Top 25 Most Dangerous Programming Errors


From: coley at linus.mitre.org (Steven M. Christey)
Date: Wed, 17 Dec 2008 18:29:10 -0500 (EST)


Since this is the week of the top-lists related to secure coding, I
thought I'd notify the SC-L people about a new collaboration between SANS
and MITRE.  We are creating a Top 25 list of the worst programming errors,
targeted largely at developers, software managers, and CIOs.

The list is not as high-level as the OWASP Top Ten, and not focused just
on web applications; it attempts to provide actionable details to
programmers with an informal tone.  Some SC-L subscribers are already
aware of it and have provided feedback.

The initial announcement was in late November; see
http://www.sans.org/resources/top25/

So far, we have reached out to and received input from major software
vendors, security tool vendors, consultants, the OWASP ESAPI group, and
others in industry, academia, and government.

We have one or two more rounds of review before the Top 25 list is
published in early January.

I'd been meaning to contact this list, but it slipped my mind until the
latest flurry of activity.  If you want to participate, feel free to
contact me and Bob Martin (ramartin at mitre.org) directly.

Thanks,
Steve

