Experts reveal 25 coding errors that let in hackers
Warwick Ashford

International security organisations have unveiled a list of 25 common programming errors that cause security vulnerabilities and expose IT users to cyber attack.

Nine of the errors involve insecure interaction between software components, nine relate to risky resource management, and seven deal with access control.

The US-funded collaboration project is managed by the Mitre and Sans Institute and brings together security experts from more than 30 global organisations.

The project is aimed at helping software producers to code more securely by focussing on actual errors and providing information on how to avoid them.

The project will also enable end-user organisations to require suppliers to certify that their code is free of these programming errors.

The Sans Institute said it was shocking that most of these common security errors are not understood by programmers.

Programmers are not widely taught to avoid these errors and commercial software producers seldom check for them.

Mason Brown, director at the Sans Institute, said software producers need to make sure every programming team has processes in place to find, fix or avoid these problems.

The impact of these errors is far reaching, said the Sans Institute, with just two of them leading to more than 1.5 million website security breaches during 2008.

At least one organisation is known to have paid 150% more than the price of a software package to fix security flaws, according to Sans Institute research director Alan Paller.
