Instead it is the dangerous things they do - the things that will attract hackers and other more nasty people. To quote from the website, it "is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all."
The errors are categorised from the perspective of a variety of interest parties for instance Programmers new to security, experienced security programmers, software project managers etc. There is also detailed information on each of the programming errors and useful information on how to mitigate the risk.
This article is simply intended to announce the release of the list; it won't spend time describing all the errors, but no-one will be surprised to hear that the top three errors are:
1. Cross-site scripting
2. SQL Injection
3. Buffer overflow.
Quoting again from the site, "The list is the result of collaboration between the SANS Institute, MITRE, and many top software security experts in the US and Europe. It leverages experiences in the development of the SANS Top 20 attack vectors and MITRE's Common Weakness Enumeration (CWE).
"MITRE maintains the CWE web site, with the support of the US Department of Homeland Security's National Cyber Security Division, presenting detailed descriptions of the top 25 programming errors along with authoritative guidance for mitigating and avoiding them. The CWE site contains data on more than 800 programming errors, design errors, and architecture errors that can lead to exploitable vulnerabilities."
Both programmers and hackers alike will gain much from this information.