[Owasp-leaders] CWE/SANS Top 25 Most Dangerous Programming Errors

Mike Boberski mike.boberski at cox.net
Mon Jan 12 19:48:12 EST 2009

I think there is a grossly disproportionate emphasis on implementation
errors in this space.


From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of Marcin
Sent: Monday, January 12, 2009 3:33 PM
To: OWASP Leaders
Subject: [Owasp-leaders] CWE/SANS Top 25 Most Dangerous Programming Errors

Today SANS in conjunction with MITRE have released the CWE/SANS Top 25 Most
Dangerous Programming Errors [1].  

It appears OWASP Foundation has made an official statement supporting this:

OWASP Foundation: 

"When facing a huge application portfolio that could contain many thousands
of instances of over 700 different types of weaknesses, knowing where to
start is a daunting task. Done right, stamping out the CWE Top 25 can not
only make you significantly more secure but can cut your software
development costs."
- Jeff Williams, Aspect Security CEO and The OWASP Foundation Chair

[1] http://www.sans.org/top25errors/

Thoughts?  How does this affect the OWASP Top 10 Project?  I'll reserve
comment for the time being.
