Custom Application Development

Jan 13 2009   11:04PM GMT

Software Development, Security and Programming Errors

SJC

Within the last few hours quite a buzz has been created by the release of the CWE/SANS Top 25 Most Dangerous Programming Errors list.  USA Today posted an article on the list with an insert about The Importance of the Flaws List.  Earlier today, BBC News posted Dangerous Coding Errors Revealed.  Certainly the buzz will continue!

There is much to be said about security, and certainly the independent developer needs to be just as mindful of potential flaws as the corporate developer in a team environment.  This list is for every developer to consider.  I was amazed to find a couple of practices in the Top 25 that I have, at one time or another, been guilty of doing.

The list groups the Top 25 into the categories “Insecure Interaction Between Components”, “Risky Resource Management” and my personal favorite, “Porous Defenses”.  Each error is tied to a “CWE”, or Common Weakness Enumeration, entry, which is described in detail on the CWE website.  For example, one of the Top 25 in the “Porous Defenses” category is identified as CWE-259, Hard-Coded Password.  Reviewing the entry for CWE-259, I believe, begins to reveal the significance and usefulness of this Top 25 list to ALL developers.

Personally, to be honest, I might not have paid much attention to it had it not been called to my attention by my son, who has been involved in the project for months.  I hope readers of this blog find the material useful themselves.  Oh yes, it is estimated that some 85% of the criminal activity on the internet has resulted from these Top 25 “NOT best practices!” 🙂 in coding.
