Software Quality Insights

Jan 13 2009   11:49PM GMT

Value of SANS’ list of top software errors rests on project managers

Jan Stafford

Whether the CWE/SANS list of the 25 most dangerous programming errors will contribute to the creation of better software depends on whether managers, rather than developers, read it and take action, according to Jack Danahy, chief technology officer and co-founder of source code vulnerability analysis firm Ounce Labs Inc. I talked with Danahy today about the follow-up and follow-through that could make the list a valuable turning point in development, rather than a partially-remembered checklist.

“It’s one thing to come up with a list of 25 things that developers should consider, but we haven’t arrived at a point where anyone is meaningfully asking or requiring developers to consider these things,” Danahy said.

Project managers should support developers spending time to research these issues, in Danahy’s view. The best-case scenario would be that software development managers (the program manager, business unit manager, software auditor, etc.) would use this list in specifications, asking for metrics to make sure that those errors have been looked for and eliminated before the software rolls into production.

“Developers won’t remember this list off the top of their heads, but if it becomes codified as a requirement they will remember,” Danahy said. “A team could come up with a distilled list of 5 to 12 key design criteria that would provide the essence of keeping these errors from happening.”

To read more opinions about the CWE/SANS research, check out software development pro Mike Kelly’s post on using the list and’s news report.

What will your organization do with this list? Will it have an impact or be quickly forgotten? Sound off in our comments below or by writing to

2  Comments on this Post

  • Egabbert
    Check out [A href=",289142,sid14_gci1344962,00.html"]this article from[/A] -- New York is trying to legislate more secure code as Danahy suggested.
  • Egabbert
    Hm, interesting rendering of that link. Should take you here:,289142,sid14_gci1344962,00.html
