Top 25 Most Dangerous Programming Errors Revealed - InformationWeek
IoT
IoT
Cloud // Software as a Service
News
2/16/2010
02:09 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Top 25 Most Dangerous Programming Errors Revealed

Cross-Site Scripting tops the list, which is designed to help businesses build security into the software procurement process.

A group of over 30 national and international computer security groups on Tuesday released a list of the 25 most dangerous programming errors as part of an effort to make the custom software business more accountable.

For the U.S., where recent cyber attacks against Google and dozens of other companies have underscored the porousness of computer networks, this is a welcome development.

"We believe that integrity of hardware and software products is a critical element of cybersecurity," The Office of the Director of National Intelligence said in a statement. "Creating more secure software is a fundamental aspect of system and network security, given that the federal government and the nation's critical infrastructure depend on commercial products for business operations. The Top 25 programming errors initiative is an important component of an overall security initiative for our country. We applaud this effort and encourage the utility of this tool through other venues such as cyber education."

Earlier this month, Dennis C. Blair, Director of National Intelligence, told the Senate Intelligence Committee that U.S. critical infrastructure is "severely threatened" by cyber attacks.

Because many cyber threats rely on software vulnerabilities, there's a broad effort to improve computer science education so that programmers become better at writing secure code.

On a phone briefing for reporters, Alan Paller, director of research at the SANS Institute, said that one of the goals of the Top 25 list is to help companies avoid being in the situation faced by Siemens recently.

According to Paller, Siemens in 2008 paid over 100,000 Euros for a software package and found that security wasn't part of the deal. After weeks of negotiations, the company had to pay about 145,000 Euros more to make its custom software secure.

By providing detailed information about common software programming problems, SANS, MITRE and the other security organizations that compiled the list hope that software buyers and software vendors will be able to create contracts that require custom code to be free of the Top 25 errors.

Previous
1 of 2
Next
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll