Wednesday, January 14, 2009

Top 25 Most dangerous coding errors

A joint effort between CWE (Common Weakness Enumeration) and SANS, and with the participation of experts in the field, produced the "Top 25 most dangerous coding errors"  a list of the most significant programming errors that can lead to serious software vulnerabilities, this document will impact in many areas like:

  • Software buyers will be able to buy much safer software. ( with a certificate of code beign free of these 25 bugs)
  • Programmers will have tools that consistently measure the security of the software they are writing.
  • Colleges will be able to teach secure coding more confidently.
  • Employers will be able to ensure they have programmers who can write more secure code. 
"The main goal of the Top 25 list is to stop vulnerabilities at the source by educating programmers on how to eliminate all-too-common mistakes before software is even shipped."

This is a good initiative to have a very brief list of programming errors, so the programmers could use as a guide, the language and examples used are very easy to understand and i guess this will facilitate the adoption by the programmers.

There is a lot of information about secure coding at OWASP, but i guess that this simple guide will be easier to use, than OWASP documentation.

Hope programmers start to use it :)

You can check the list here


No comments:

Wfuzz 2.2.0 released

I'm pleased to announce a new version of WFuzz! Wfuzz has been created to facilitate the task in web applications assessments and it...