Tuesday, January 13, 2009

CWE/SANS TOP 25 Most Dangerous Programming Errors


Via The Register, finally, someone has come up with a list of errors that will generally get you knackered when you develop your application.

Nice.

Obviously, this list will be useful to people who want to code better and to crackers, who know that things rarely if ever get patched. Don't get me wrong, I'm all for full disclosure and all that, but given the way automated patch cycles work, I'm not hopeful that a manual sweep of applications will ever be done.

And the rest of the programming world will move on, creating "better" classes of gargantuan errors that will make the security world weep.

Bet on it.

Only when a super-massive botnet that exploits some or all variations of the errors gets created by some cracker will some cosmetic rearrangement of the deck chairs happen.