International security organisations have unveiled a list of 25 common programming errors that cause security vulnerabilities and expose IT users to cyber attack.
The project is aimed at helping software producers to code more securely by focussing on actual errors and providing information on how to avoid them.
The project will also enable end-user organisations to get suppliers to certify that their code is free of these programming errors.
The Sans Institute said it was shocking that most of these common security errors are not understood by programmers.
Programmers are not widely taught to avoid these errors and commercial software producers seldom check for them.
Mason Brown, director at the Sans Institute, said software producers need to make sure every programming team has processes in place to find, fix or avoid these problems.
The impact of these errors is far-reaching, said the Sans Institute, with just two of them leading to more than 1.5 million website security breaches during 2008.
At least one organisation is known to have paid 150% more than the price of a software package to fix security flaws, according to Sans Institute research director Alan Paller.