Secure Coding mailing list archives

SANS Institute - CWE/SANS TOP 25 Most Dangerous Programming Errors


From: gem at cigital.com (Gary McGraw)
Date: Tue, 13 Jan 2009 16:49:55 -0500

hi sc-l,

There are some important good things about top ten lists that are worthy of mention.  The notion of knowing your enemy 
is essential in security (as it is in warfare), and top ten lists can help get software people started thinking about 
attacks, attackers, and the vulnerabilities they go after. These days almost any attention paid to the problem is good 
attention, and the fact that the tech press is paying attention to software security at all is a good thing.  Top 
ten lists help in that respect.

But, I am really worried about these kinds of lists and I wrote up my worries in an article that was just posted:
Top Eleven Reasons Why Top 10 (or Top 25) Lists Don't Work
http://www.informit.com/articles/article.aspx?p=1322398

I thought you might get a kick out of it.

gem

http://www.cigital.com/~gem
