Monday, January 12, 2009

List of Most Dangerous Programming Errors Changes IT Security Discussion

Brian Prince writes on eWeek:

Security experts from Microsoft, Symantec and a host of other organizations including the NSA have compiled a list of the most dangerous software programming errors. The list shifts the focus of IT security discussions from the results of programming vulnerabilities to the programming process itself.

SQL injection, cross-site scripting – the list of security issues affecting the programs we use daily goes on and on. So often, however, conversations about IT security focus on how to address existing vulnerabilities rather than how to prevent them from coming about in the first place.

It is here that the list of the Top 25 Most Dangerous Programming Errors released today comes into play. The list was compiled by a team of experts from more than 30 organizations, including Microsoft, Symantec and the U.S. National Security Agency (NSA). By combining a list of problems with general advice on mitigations, the authors have effectively proposed a shift in thinking about common vulnerabilities.

More here.

1 Comment:

At Tue Jan 13, 02:42:00 AM PST, Blogger Roland Dobbins said...

They left out the most fundamentally dangerous programming error of all - failure to code in a typesafe language.

 
