
Tuesday, January 13, 2009
Experts Announce the 25 Most Dangerous Programming Errors - And How to Fix Them


Experts from more than 30 US and international cyber security organizations jointly released the list of the 25 most dangerous programming errors that lead to security bugs and that enable cyber espionage and cyber crime.

The list was spearheaded by the National Security Agency.

"Shockingly, most of these errors are not well understood by programmers; their avoidance is not widely taught by computer science programs; and their presence is frequently not tested by organizations developing software for sale," SANS Institute said in a press release.

The impact of these errors led to more than 1.5 million web site security breaches during 2008 - and those breaches cascaded onto the computers of people who visited those web sites, turning their computers into zombies.

People and organizations that provided input to the project are among the most respected security experts and they come from leading organizations ranging from Symantec and Microsoft, to DHS's National Cyber Security Division and NSA's Information Assurance Division, to OWASP and the Japanese IPA, to the University of California at Davis and Purdue University.

Until now, most guidance focused on the 'vulnerabilities' that result from programming errors. The Top 25, however, focuses on the actual programming errors made by developers that create the vulnerabilities. Just as important, the Top 25 web site provides detailed information on mitigation. "Now, with the Top 25, we can spend less time working with police after the house has been robbed and instead focus on getting locks on the doors before it happens," said Paul Kurtz, a principal author of the US National Strategy to Secure Cyberspace and executive director of the Software Assurance Forum for Excellence in Code (SAFECode).

The list might help improve the quality of programming classes and training programs by creating consensus about what the most common mistakes are and what developers can do to prevent them.

The errors have been broken into three categories labeled insecure interaction between components (nine errors), risky resource management (nine also) and porous defenses (seven). Mistakes include improper input validation, external control of external state data and improper access control.

Resources to Help Eliminate The Top 25 Errors

The Top 25 Errors List will be updated regularly and will be posted at both the SANS and MITRE sites: www.sans.org/top25 and cwe.mitre.org/top25/

MITRE maintains the CWE (Common Weakness Enumeration) web site (cwe.mitre.org/), with the support of the US Department of Homeland Security's National Cyber Security Division, presenting detailed descriptions of the top 25 programming errors along with authoritative guidance for mitigating and avoiding them. That site also contains data on more than 700 additional programming errors, design errors and architecture errors that can lead to exploitable vulnerabilities.

SANS maintains a series of assessments of secure coding skills in three languages, along with certification exams that allow programmers to determine gaps in their knowledge of secure coding and allow buyers to ensure outsourced programmers have sufficient programming skills. Organizations with more than 500 programmers can assess the secure coding skills of up to 100 programmers at no cost.


CDRINFO.COM 1998-2014 - All rights reserved