Monday, January 12
SANS Top 25 Programming Errors
Looks like appsec product vendors now have another angle to sell their gear as SANS has announced the release of their top 25 programming errors.
This is a fantastic list of issues that don't get enough airplay, and instead of focusing on the symptoms of the mistakes (aka OWASP top 10 web-app vulns) this list provides a sample of the root cause issues, although it could be argued that all of these common problems stem from a lack of security policy definition and enforcement regarding development.
At least for those organizations that like to use these types of lists as a form of policy tool, it will significantly reduce the number of issues that arise from development.