Group Publishes Top 25 Programming Errors List

Group Publishes Top 25 Programming Errors List, Says Application Vendors Should Be Liable for Code Security (February 16 & 17, 2010)

The 2010 CWE (Common Weakness Enumeration)/SANS Top 25 Most Dangerous Programming Errors list points to cross-site scripting (XSS), SQL injection, and buffer overflow vulnerabilities as the causes of nearly all major cyber attacks in recent years. The consortium behind the list, headed by the SANS Institute and Mitre Corp., is also publishing draft language to use in procurement documents that would hold software development organizations liable for product security.

http://www.sans.org/top25-programming-errors/