[Owasp-leaders] CWE/SANS Top 25 Most Dangerous Programming Errors

• Previous message: [Owasp-leaders] CWE/SANS Top 25 Most Dangerous Programming Errors
• Next message: [Owasp-leaders] CWE/SANS Top 25 Most Dangerous Programming Errors
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I think there is a grossly disproportionate emphasis on implementation
errors in this space.
 
Mike
 

  _____  

From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Marcin
Wielgoszewski
Sent: Monday, January 12, 2009 3:33 PM
To: OWASP Leaders
Subject: [Owasp-leaders] CWE/SANS Top 25 Most Dangerous Programming Errors


Today SANS in conjunction with MITRE have released the CWE/SANS Top 25 Most
Dangerous Programming Errors [1].  

It appears OWASP Foundation has made an official statement supporting this
initiative:


OWASP Foundation: 

"When facing a huge application portfolio that could contain many thousands
of instances of over 700 different types of weaknesses, knowing where to
start is a daunting task. Done right, stamping out the CWE Top 25 can not
only make you significantly more secure but can cut your software
development costs."
- Jeff Williams, Aspect Security CEO and The OWASP Foundation Chair


[1] http://www.sans.org/top25errors/


Thoughts?  How does this affect the OWASP Top 10 Project?  I'll reserve
comment for the time being.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20090112/7c90b1e3/attachment.html 

• Previous message: [Owasp-leaders] CWE/SANS Top 25 Most Dangerous Programming Errors
• Next message: [Owasp-leaders] CWE/SANS Top 25 Most Dangerous Programming Errors
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]