Secure Coding mailing list archives
CWE/SANS Top 25 Most Dangerous Programming Errors
From: coley at linus.mitre.org (Steven M. Christey)
Date: Wed, 17 Dec 2008 18:29:10 -0500 (EST)
Since this is the week of the top-lists related to secure coding, I thought I'd notify the SC-L people about a new collaboration between SANS and MITRE. We are creating a Top 25 list of the worst programming errors, targeted largely at developers, software managers, and CIOs. The list is not as high-level as the OWASP Top Ten, and not focused just on web applications; it attempts to provide actionable details to programmers with an informal tone. Some SC-L subscribers are already aware of it and have provided feedback.

The initial announcement was in late November; see http://www.sans.org/resources/top25/

So far, we have reached out to and received input from major software vendors, security tool vendors, consultants, the OWASP ESAPI group, and others in industry, academia, and government. We have one or two more rounds of review before the Top 25 list is published in early January.

I'd been meaning to contact this list, but it slipped my mind until the latest flurry of activity. If you want to participate, feel free to contact me and Bob Martin (ramartin at mitre.org) directly.

Thanks,
Steve