Improving Software Security by Eliminating the CWE Top 25 Vulnerabilities

Michael Howard

doi:10.1109/MSP.2009.69

Security&Privacy
2009
Issue No. 3 - May/June
Abstract - Improving Software Security by Eliminating the CWE Top 25 Vulnerabilities

	This Article
	Subscribers, please Login Purchase article: $19 PDF HTML IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Michael Howard

Improving Software Security by Eliminating the CWE Top 25 Vulnerabilities

May/June 2009 (vol. 7 no. 3)

pp. 68-71

	ASCII Text	x
	Michael Howard, "Improving Software Security by Eliminating the CWE Top 25 Vulnerabilities," IEEE Security & Privacy, vol. 7, no. 3, pp. 68-71, May/June, 2009.

	BibTex	x
	@article{ 10.1109/MSP.2009.69, author = {Michael Howard}, title = {Improving Software Security by Eliminating the CWE Top 25 Vulnerabilities}, journal ={IEEE Security & Privacy}, volume = {7}, number = {3}, issn = {1540-7993}, year = {2009}, pages = {68-71}, doi = {http://doi.ieeecomputersociety.org/10.1109/MSP.2009.69}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - MGZN JO - IEEE Security & Privacy TI - Improving Software Security by Eliminating the CWE Top 25 Vulnerabilities IS - 3 SN - 1540-7993 SP68 EP71 EPD - 68-71 A1 - Michael Howard, PY - 2009 KW - Basic training KW - vulnerabilities KW - CWE KW - SDL KW - software development lifecycle VL - 7 JA - IEEE Security & Privacy ER -

Michael Howard, Microsoft

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.69

In January 2009, MITRE and SANS issued the "2009 CWE/SANS Top 25 Most Dangerous Programming Errors" to help make developers more aware of the bugs that can cause security compromises (http://cwe.mitre.org/top25). CWE, which stands for Common Weakness Enumeration, is a project sponsored by the National Cyber Security Division of the US Department of Homeland Security to classify security bugs. This article describes some best practices that can help you eliminate the CWE Top 25 vulnerabilities in your own development environment and products

Index Terms:

Basic training, vulnerabilities, CWE, SDL, software development lifecycle

Citation:

Michael Howard, "Improving Software Security by Eliminating the CWE Top 25 Vulnerabilities," IEEE Security & Privacy, vol. 7, no. 3, pp. 68-71, May-June 2009, doi:10.1109/MSP.2009.69

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.