News release: “…experts from more than 30 US and international cyber security organizations jointly released the consensus list of the 25 most dangerous programming errors that lead to security bugs and that enable cyber espionage and cyber crime. Shockingly, most of these errors are not well understood by programmers; their avoidance is not widely taught by computer science programs; and their presence is frequently not tested by organizations developing software for sale. The impact of these errors is far reaching. Just two of them led to more than 1.5 million web site security breaches during 2008 – and those breaches cascaded onto the computers of people who visited those web sites, turning their computers into zombies.”
The Top 25 Errors are listed below in three categories:
- Category: Insecure Interaction Between Components (9 errors)
- Category: Risky Resource Management (9 errors)
- Category: Porous Defenses (7 errors)
Sorry, comments are closed for this post.