RealTime IT News

SANS Names Mistakes That Cause Vulnerability

Malware writers are always on the lookout for vulnerabilities in software that they can exploit, and unfortunately, sloppy programmers give them plenty of code bugs to exploit. The SANS Institute, which specializes in vulnerability issues, has issued the top 25 mistakes programmers make and what those mistakes lead to. CodeGuru has the list of shame.

When it comes to programming errors, some are more common than others. A new report from the SANS Institute identifies the top 25 programming errors that have led to nearly every type of IT security threat over the last year. The report draws on the input of 28 different groups, including those in government and the private sector, and uses the CWE (Common Weakness Enumeration) numbering system to label each weakness.

The report follows one done by SANS on the same topic for 2009 and provides similar findings this time around. But while the SANS lists attempt to identify the top programming errors, there is some disagreement when it comes to the top programming errors that Linux developers face.

"The takeaway from this list isn't so much that there is anything here that is particularly new or surprising at all," Alex Horan, director of product management at Core Security, said in an e-mail to InternetNews.com. "In fact, what it reinforces is that most organizations, and software/Web app developers, continue to struggle with the same types of security issues that they've been dealing with for years."

The 2010 SANS list is structured differently from the 2009 list, which broke the top 25 down into three categories. For 2010, SANS has also provided a general ranking of the top 25 with Cross-Site Scripting (XSS).

Read the full story at CodeGuru:
SANS Names Top 25 Programming Errors