
Looks like appsec product vendors now have another angle to sell their gear, as SANS has announced the release of their top 25 programming errors.
This is a fantastic list of issues that don't get enough airplay. Instead of focusing on the symptoms of the mistakes (aka OWASP top 10 web-app vulns), this list provides a sample of the root-cause issues, although it could be argued that all of these common problems stem from a lack of security policy definition and enforcement regarding development.
At least for those organizations that like to use these types of lists as a form of policy tool, this list will significantly reduce the number of issues that arise from development.