2009 CWE/SANS Top 25 Most Dangerous Programming Errors



I’ve been telling customers for years that most security exploits are caused by a small number of software defects (you can download my white paper on Software Security, which shows how to mitigate enterprise software vulnerabilities systematically using business threat modeling).

Still, it’s amazing how the trade press are gushing over this. It must have been a slow news day, or maybe the SANS/MITRE folks paid a bit extra to their PR people. The SANS Institute has been publishing a SANS Top 10 for years, but this work is much more comprehensive and detailed.

Even if there is no cosmic news involved (“validate input”, “don’t grant too much authorization”, etc.), perhaps the tail wind from DHS will help more software vendors get with the agenda of writing more secure code. Schneier may have his wish come true if the Top 25 gets written into purchasing contracts.

Cynicism aside, this is a GOOD thing. The full CWE Top 25 list of software bugs is published on the MITRE CWE site at http://cwe.mitre.org/top25/

I’m looking at a PHP application right now (doing an initial software security assessment) and I’m seeing stuff like URL hacking and non-validated input. For example, feeding a long string of “a”s into a URL parameter the application expects to be an integer comes straight back as a raw PostgreSQL error:

SQL Error: ERROR:  invalid input syntax for integer: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
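That error is the signature of CWE-20 (improper input validation) feeding CWE-89 (SQL injection): a request parameter is pasted into the SQL text, the database rejects the literal, and the driver’s message is echoed to the browser, which tells an attacker exactly where the injection point is and which DBMS sits behind it. The following is an added illustration, not code from the application under assessment or from the CWE/SANS document. The table name `orders`, the `id` parameter and the `$db` connection are assumptions; the vulnerable function reproduces the pattern that yields the error above, and the hardened function shows the two fixes that close it.

```php
<?php
// Added example (not the assessed application's code).
// Assumed: a PostgreSQL table orders(id integer, customer text, total numeric)
// and a PDO handle $db opened with PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION.
declare(strict_types=1);

// BEFORE: the pattern that produces the quoted error.
// The raw GET value is concatenated into the SQL text. With ?id=aaaa...
// PostgreSQL rejects the literal ("invalid input syntax for integer") and the
// driver message is printed to the page. With ?id=1%20OR%201=1 it returns
// every row, and with a UNION it reads other tables.
function findOrderUnsafe(PDO $db, array $get): array
{
    $id  = $get['id'] ?? '';
    $sql = "SELECT id, customer, total FROM orders WHERE id = " . $id;
    try {
        return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        echo "SQL Error: " . $e->getMessage();   // leaks the DBMS error verbatim
        return [];
    }
}

// AFTER: validate the type at the trust boundary, bind the value, fail closed.
function findOrderSafe(PDO $db, array $get): array
{
    // Positive validation: accept only a decimal integer in a sane range.
    // filter_var() returns false for "aaaa", "1 OR 1=1", "" and null alike.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => PHP_INT_MAX],
    ]);
    if ($id === false) {
        http_response_code(400);
        return [];                               // generic rejection, no detail
    }

    // Parameterised query: the value is sent separately from the SQL text,
    // so it can never change the statement's structure.
    $stmt = $db->prepare('SELECT id, customer, total FROM orders WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    try {
        $stmt->execute();
        return $stmt->fetchAll(PDO::FETCH_ASSOC);
    } catch (PDOException $e) {
        error_log('orders lookup failed: ' . $e->getMessage()); // server log only
        http_response_code(500);
        return [];                               // nothing about the DB reaches the client
    }
}

// Usage (assumed DSN and credentials; adjust for your environment):
// $db = new PDO('pgsql:host=localhost;dbname=shop', 'app', 'secret',
//               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
// $rows = findOrderSafe($db, $_GET);
```

The validation step alone would stop the error above, but only the prepared statement stops injection in general (a string column, for instance, has no integer filter to hide behind), and only the catch block that logs instead of echoing stops the application from acting as an oracle for the attacker. All three belong together.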