[ISN] The 25 Most Dangerous Programming Errors

From: InfoSec News <alerts_at_private>
Date: Tue, 13 Jan 2009 00:01:11 -0600 (CST)
http://www.bankinfosecurity.com/articles.php?art_id=1154

By Linda McGlasson
Managing Editor
Bank Info Security
January 12, 2009

As banking regulators emphasize the necessity of application security, a 
broad-based consortium now sheds new light on the most common 
vulnerabilities.

Experts from more than 30 U.S. and international cyber security 
organizations, including the National Security Agency and the Department 
of Homeland Security's National Cyber Security Division, have just 
released a list of the 25 most dangerous programming errors [1] that can 
lead to security bugs and enable cyber crime.

The panel of experts - including thought-leaders from Symantec, 
Microsoft and Purdue University - worked since last September on this 
project, breaking down the 25 errors into three categories:

* Insecure Interaction Between Components;

* Risky Resource Management;

* Porous Defense.

[1] http://www.bankinfosecurity.com/external/2009_cwe_sans_top_25.pdf

[...]


_______________________________________________      
Please help InfoSecNews.org with a donation!
http://www.infosecnews.org/donate.html
Received on Mon Jan 12 2009 - 22:01:11 PST

This archive was generated by hypermail 2.2.0 : Mon Jan 12 2009 - 22:04:24 PST