The Common Weakness Enumeration project has published its 2010 list of the 25 most dangerous programming errors. The project is sponsored by, amongst others, the MITRE Corporation, the NSA and the Department of Homeland Security. The list is compiled by canvassing the opinion of industry experts.
The weaknesses are grouped into the following categories:
- Insecure Interaction Between Components
- Risky Resource Management
- Porous Defences
Although I would agree with the complete list, it was a surprise to see that none of the weaknesses are really new, with some having existed since programming began. The site also includes a high-level action plan of how to mitigate against the top 25, which seems to provide a good starting point for securing any application.