Software Assurance CWE/SANS Top 25 Most Dangerous Programming Errors

Why Register?

Search: Bibliographic Database(SEBD) Lifecycle Database(SLED) DoD Acronyms

DACS Home

DACS Services

Publications

Training

About Us

DACS Store

Suggest A Link

Top : Software Assurance : CWE/SANS Top 25 Most Dangerous Programming Errors

The 2009 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most significant programming errors that can lead to serious software vulnerabilities.

Insecure Interaction Between Components (9) - Nine weaknesses related to insecure ways in which data is sent and received between separate components, modules, programs, processes, threads, or systems.
On the Cusp: Other Weaknesses to Consider (2) - Many weaknesses were considered for inclusion on the Top 25, but some did not make it to the final list. Some were not considered to be severe enough; others were not considered to be prevalent enough. Users of the Top 25 should seriously consider including these weaknesses in their analyses.
Porous Defenses (7) - Seven weaknesses related to defensive techniques often misused, abused, or ignored.
Risky Resource Management (9) - Nine weaknesses related to ways in which software does not properly manage the creation, usage, transfer, or destruction of important system resources.
CWE Announces Top 25 Most Dangerous Programming Errors -
SANS Institute Announces Top 25 Most Dangerous Programming Errors -

Suggest Supporting Web Sites Click to Minimize/Maximize the suggestion

Acronyms, Dictionaries, Glossaries & Other Library Resources

Agile Development

Cleanroom Software Engineering

Client/Server Architectures

Collaborative Software Engineering

Computer Aided Software Engineering (CASE)

Computer Security

Configuration Management

Cost Estimation

CWE/SANS Top 25 Most Dangerous Programming Errors

Data Mining, Data Warehousing and Knowledge Discovery

Distributed Object Technology (DOT)

Earned Value

Education and Training

High Performance Computing (HPC)

Object-Oriented (OO) Technologies

Open Source

Open Technology

Plans, Policies and Standards

Programming Languages

Project Management

Rapid Prototyping and Application Development

Requirements Engineering

Reuse of Software Assets

Software Architecture

Software Best Practices

Software Maintenance

Software Process Improvement (SPI)

Gold Practices Homepage

Acquisition Process Improvement

Architecture-First Approach

Assess Reuse Risks and Costs

Binary Quality Gates at the Inch-Pebble Level

Capture artifacts in rigorous, model-based notation

Commercial Specifications and Standards/Open Systems

Defect Tracking Against Quality Targets

Develop and Maintain a Life-cycle Business Case

Ensure Interoperability

Formal Inspections

Formal Risk Management

Goal-Question-Metric Approach

Integrated Product and Process Development

Manage Requirements

Metrics-based Scheduling

Model Based Testing

Plan for Technology Insertion

Requirements Trade-Off/Negotiation

Statistical Process Control

Track Earned Value

View our latest issue on

Model-Driven Development

DACS Latest Technical Report

TEMS Logo
Visit the DTIC TEMS Initiative

DACS Gold Practice Initiative

ROI Dashboard