The 25 Most Dangerous Programming Errors
Hugh Pickens writes "The Register reports that experts from some 30 organizations worldwide have compiled 2010's list of the 25 most dangerous programming errors along with a novel way to prevent them: by drafting contracts that hold developers responsible when bugs creep into applications. The 25 flaws are the cause of almost every major cyber attack in recent history, including the ones that recently struck Google and 33 other large companies, as well as breaches suffered by military systems and millions of small business and home users. The top 25 entries are prioritized using inputs from over 20 different organizations, who evaluated each weakness based on prevalence and importance. Interestingly enough the classic buffer overflow ranked 3rd in the list while Cross-site Scripting and SQL Injection are considered the 1-2 punch of security weaknesses in 2010. Security experts say business customers have the means to foster safer products by demanding that vendors follow common-sense safety measures such as verifying that all team members successfully clear a background investigation and be trained in secure programming techniques. 'As a customer, you have the power to influence vendors to provide more secure products by letting them know that security is important to you,' the introduction to the list states and includes a draft contract with the terms customers should request to enable buyers of custom software to make code writers responsible for checking the code and for fixing security flaws before software is delivered."
The solution to the software reliability crisis is to abandon the Turing Computing Model and adopt a deterministic, non-algorithmic, implicitly parallel, synchronous and reactive software model. This model is based on the notion that almost all unforeseen (and unpreventable by syntactic debuggers) bugs are due to erroneous temporal expectations within computer programs. Timing is the critical element of computing that is missing from the Turing Computing Model. And it's not a matter of providing clock objects for use in certain time-dependent applications. Timing is critical at the instruction level because it allows us to determine the invariant temporal signature of a program and sound an alarm whenever a deviation is detected. Software should be such that it should be possible to determine whether any two events (operations) within a program are either concurrent or sequential under various conditions. This sort of temporal determinism will enhance security and reliability by many orders of magnitude if not cure the problem once and for all. If you're serious about finding a solution to the parallel programming crisis that is also a solution to the reliability problem, check out the links below. It's free info. Take it or leave it.
How to Solve the Parallel Programming Crisis
Parallel Computing: The End of the Turing Madness
Why Software Is Bad and What We Can Do to Fix It
The gist of it is that we must reinvent the computer. We are using essentially the same model that Babbage invented more than 150 years ago, the thread concept. It's time to change.
Rebel Science News
Open source software is everything that closed source software is. Plus the source is available.
... with socialist overtones (let's work for free and release it so everyone can enjoy it! But if they do enjoy it, they have to work for free too!)
Tesla was a genius. Edison, however, was an overrated hack who liked to torture puppies.