CWE/SANS Top 25 released today

Update: Read about Gary McGraw’s take on Top N lists.

MITRE and SANS released the CWE/SANS Top 25 Most Dangerous Programming Errors list today. This list is an attempt at being more code-centric than other similar lists, such as the OWASP Top 10.

Although these lists cover what are often considered “low-hanging fruit” vulnerabilities, or the coding errors that lead to them, they are great conversation starters and act as a stepping stone for organizations just getting started in improving the way they find and fix common issues. We cannot afford, however, to stop thinking about, paying attention to, or investing resources in finding all the other kinds of vulnerabilities that don’t show up on these lists.
