MITRE’s Top 25 Most Dangerous Software Errors

It has been reported that MITRE has released a list of the top 25 most dangerous software weaknesses and errors that can be exploited by attackers to compromise our systems. The non-profit’s 2019 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Errors report is a compilation of errors, bugs, and potential attack vectors developers should make sure they are familiar with in the interest of security.


EXPERTS COMMENTS
Andrew van der Stock, Senior Principal Consultant, Synopsys
September 19, 2019
As the co-lead of the OWASP Top 10 and the OWASP Application Security Verification Standards, I congratulate the MITRE team and welcome their newly released Top 25 Most Dangerous Software Errors. As with all application security programs, having reliable, evidence-based awareness and actual standards is critical in effectively eradicating classes of bugs that will really move the needle to prevent disastrous privacy breaches and financial losses. All security architects, technical leads, and developers should be aware of these standards to avoid the most common issues. Obviously, I am biased, but when an AppSec program has matured past the basics of the MITRE Top 25 (and the OWASP Top 10), they should consider the OWASP Application Security Verification Standard! Using testable standards allows organisations to move from “whack-a-mole” security defined by “don’t do this” awareness programs, to “build security in” standards and using them as developer secure coding checklists. Architectural analysis, maturity action plans, and building security in from the very beginning builds trust and allows ever more daring and novel applications. Well done to the MITRE team. I’m sure the MITRE Top 25 will get widespread traction.
