The 25 Most Dangerous Programming Errors
Hugh Pickens writes "The Register reports that experts from some 30 organizations worldwide have compiled 2010's list of the 25 most dangerous programming errors along with a novel way to prevent them: by drafting contracts that hold developers responsible when bugs creep into applications. The 25 flaws are the cause of almost every major cyber attack in recent history, including the ones that recently struck Google and 33 other large companies, as well as breaches suffered by military systems and millions of small business and home users. The top 25 entries are prioritized using inputs from over 20 different organizations, who evaluated each weakness based on prevalence and importance. Interestingly enough the classic buffer overflow ranked 3rd in the list while Cross-site Scripting and SQL Injection are considered the 1-2 punch of security weaknesses in 2010. Security experts say business customers have the means to foster safer products by demanding that vendors follow common-sense safety measures such as verifying that all team members successfully clear a background investigation and be trained in secure programming techniques. 'As a customer, you have the power to influence vendors to provide more secure products by letting them know that security is important to you,' the introduction to the list states and includes a draft contract with the terms customers should request to enable buyers of custom software to make code writers responsible for checking the code and for fixing security flaws before software is delivered."
A real programmer can do all 25 in one line of code.
Kind of ironic the report is a PDF file, when another report stated that PDF accounts for 9/10 (or something like that) exploits last year.
... letting me try assembler with my level of dyslexia.
> Holding programmers accountable for their coding errors
We used to have a board where we would note "bozo the clown points" for anybody involved in the project, even managers! ;-))
http://en.wikipedia.org/wiki/Bozo_the_Clown
Everything I write is lies, read between the lines.
She's not a guy. As for her balls, she might have ripped them off the guy named Sue for all I know.
Even then, a decent DBA will prevent even the crappiest program from being a problem.
When you find one of these elusive DBAs, can you send me a reference? Because so far I have yet to meet one even remotely tolerable, let alone "decent".
if (alert_code = red)
launch_missles ();
Oh please... what's with this "Window" customer requirement? It's trivial for a thief to break it with a rock. So what exactly is the point of doors and locks????
Apparently all car makers are aiding and abetting by including windows.
She was like chocolate when she drank... semi-sweet at first and then increasingly bitter.
so Pornorama never quite made it to the market?
Participatory Governance : The only feasible option for a real democracy, where everyone really does have a say.
We used to have the "Diaper of Shame". That started when one of the engineers said "If my code is broken, I will wear a diaper around the office all day tomorrow". Sure enough, it was broken and sure enough, someone went out and got a package of adult diapers.
We let him wear it over his pants and afterwards it would just migrate to your cubicle.
I wonder if we could still do that today... I smell a harassment suit being stirred up somewhere.
Sometimes. But that is maybe a pretty good observation. Whatever.
Your ideas are intriguing to me and I wish to subscribe to your pr0n scraper.
Is it me or are Americans in love with absolutes?
You are 100% correct. Anything less would be un-American.
Tequila: It's not just for breakfast anymore!
His code didn't expect two girls and one bucket
.evom ton seod gis eht