Dangerous Software Bugs
January 13, 2009 by Raj Sheelvant
The SANS Institute, a source for computer security training and research, has announced the CWE/SANS Top 25 Most Dangerous Programming Errors. CWE stands for Common Weakness Enumeration, a government-sponsored software assurance initiative maintained by MITRE that gives each class of weakness a stable identifier.
According to the press release, this is a consensus list from 30 US and international cyber security organizations of the 25 programming errors that most often lead to security bugs and that enable cyber espionage and cyber crime. The press release also states that most of these errors are not well understood by programmers, that their avoidance is not widely taught in computer science programs, and that their presence is frequently not tested for by organizations developing software for sale. The impact of these errors is far reaching. The Top 25 list groups the errors into three categories: Insecure Interaction Between Components (nine errors), Risky Resource Management (nine errors), and Porous Defenses (seven errors).
I think this is a first step toward making software more secure. As more and more data are digitized, and as data important to national security go online, hacking stops being a juvenile crime and becomes a serious one. Everyone has to worry not only about cyber espionage but also about terrorist organizations holding data for ransom or, worse, using that data to create chaos.
The next step is to systematically spread this information to the right individuals so they can root out these issues. The best long-term option is to incorporate the list into computer science courses in colleges. But to close these holes now, we have to train software developers to write secure applications, and then enable the QA department to test for these weaknesses in the software before it ships. IT project managers also need to understand what these security issues are and build the checks into the release plan, so that an application is not released while it still contains them.