Friday, July 1, 2011

2011 CWE/SANS Top 25 Most Dangerous Software Errors

Via lwn.net, the top 25 most dangerous software errors can be found here. It makes for some nice or frightening reading, depending on your point of view. It is a bit weird that

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

is still on the list, and at an astounding 3rd place. I was under the impression that the new C/C++ standards would have addressed and fixed that at the compiler level, or something of that sort. Again, this assumes the bulk of these errors were in C/C++.

Makes me think that the OpenBSD folks were in the right to fix things by changing the insecure libraries so that this kind of error cannot be triggered at all.
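As an added illustration of the library-level fix the post alludes to (OpenBSD-style bounded copies such as strlcpy, instead of an unchecked strcpy that writes past the destination), here is constructed C code that is not from the post or from OpenBSD; `bounded_copy` and `copy_input` are names chosen for this example.

```c
#include <stddef.h>
#include <string.h>

/* Bounded copy with strlcpy-style semantics (written for this example):
 * copies at most dstsize-1 bytes, always NUL-terminates when dstsize > 0,
 * and returns strlen(src) so the caller can detect truncation by checking
 * whether the return value is >= dstsize. Unlike strcpy(dst, src), it can
 * never write beyond dst[dstsize-1], whatever the length of src. */
size_t bounded_copy(char *dst, size_t dstsize, const char *src)
{
    size_t srclen = strlen(src);
    if (dstsize == 0)
        return srclen;
    size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return srclen;
}

/* Copy untrusted input into a fixed-size buffer, refusing (rather than
 * silently truncating) anything that does not fit. Returns 1 if the input
 * was copied in full, 0 if it was rejected; on rejection dst is emptied so
 * callers cannot act on a partial copy. */
int copy_input(char *dst, size_t dstsize, const char *src)
{
    size_t needed = bounded_copy(dst, dstsize, src);
    if (needed >= dstsize) {
        if (dstsize > 0)
            dst[0] = '\0';
        return 0;
    }
    return 1;
}
```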

And oh, I do like this one too

Use of Hard-coded Credentials

even mentioning espionage implications and Stuxnet.

Go on, read the full list here.
