A consortium involving as many as 30 international security organisations has published a list of the ‘25 most dangerous programming errors’ as part of its efforts to make the software development business more accountable.
The US-backed joint project, which is run by Mitre and the SANS Institute, first published its Top 25 common programming errors in January 2009 to detail the most common vulnerabilities that left software users prone to unauthorised cyber intrusions.
This year’s 25 most common programming errors are ranked on the basis of feedback from more than 20 organisations, which assessed each flaw on its prevalence and how critical it is.
Cross-site scripting tops the list, which is intended to help businesses procure safer software.
Along with publishing the most common programming flaws, the consortium focused on standardised contract language between software developers and buyers, to make sure that buyers would not be held responsible for buggy code.
Hailing the initiative, the Office of the Director of US National Intelligence said: “The Top 25 programming errors initiative is an important component of an overall security initiative for our country. We applaud this effort and encourage the utility of this tool through other venues such as cyber education”.
Publishing a list of weaknesses can have good and bad results. This means, for example, that hackers and cybercriminals can use it as a checklist when planning targeted attacks or, worse, get an automated tool to do it for them.