Are you a dangerous programmer?

By Davey Winder
Wednesday, 14 January 2009 02:06

Home IT

Dangerous is probably not a description you would apply to the average programmer, let alone yourself. However, the Microsoft, Symantec and even the US Department of Homeland Security are worried that you could unwittingly be just that and intend to prove it.

The people who set up cloned websites for online scams are undoubtedly annoying and criminal, but you could hardly call them dangerous.

Likewise, spam botnet coders are evil scumbags, but not exactly up there with Osama Bin Laden on the danger front.

However, according to MITRE and the SANS Institute, there are some 25 programming errors which can lead to serious software vulnerabilities. These are frequent in occurrence and are both easy to find and exploit.

It is these programming errors which make you a dangerous coder. Dangerous because they can allow attackers to completely control software, to steal data or just prevent the software from working in some way.

The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors list comes after collaboration between both MITRE and SANS along with numerous software experts from the likes of Microsoft and Symantec in Europe and the US.

SANS has contributed via the Top 20 Attack Vectors development process, while MITRE kicks in with it's Common Weakness Enumeration project and the US Department of Homeland Security's National Cyber Security Division helps out with web hosting.

The aim of the list is to help you become a better coder by understanding your weaknesses, educating programmers how to spot and remove common mistakes before software is released.

So just what are the Top 25 Most Dangerous Programming Errors according to the CWE/SANS list? More on page 2.

CONTINUES