Issue No. 03 - May/June (2009 vol. 7)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2009.69
Michael Howard, Microsoft
In January 2009, MITRE and SANS issued the "2009 CWE/SANS Top 25 Most Dangerous Programming Errors" to help make developers more aware of the bugs that can cause security compromises (http://cwe.mitre.org/top25). CWE, which stands for Common Weakness Enumeration, is a project sponsored by the National Cyber Security Division of the US Department of Homeland Security to classify security bugs. This article describes some best practices that can help you eliminate the CWE Top 25 vulnerabilities in your own development environment and products.
Basic training, vulnerabilities, CWE, SDL, software development lifecycle
M. Howard, "Improving Software Security by Eliminating the CWE Top 25 Vulnerabilities," in IEEE Security & Privacy, vol. 7, no. 3, pp. 68-71, 2009.