The 25 Most Dangerous Programming Errors
Hugh Pickens writes "The Register reports that experts from some 30 organizations worldwide have compiled 2010's list of the 25 most dangerous programming errors along with a novel way to prevent them: by drafting contracts that hold developers responsible when bugs creep into applications. The 25 flaws are the cause of almost every major cyber attack in recent history, including the ones that recently struck Google and 33 other large companies, as well as breaches suffered by military systems and millions of small business and home users. The top 25 entries are prioritized using inputs from over 20 different organizations, who evaluated each weakness based on prevalence and importance. Interestingly enough the classic buffer overflow ranked 3rd in the list while Cross-site Scripting and SQL Injection are considered the 1-2 punch of security weaknesses in 2010. Security experts say business customers have the means to foster safer products by demanding that vendors follow common-sense safety measures such as verifying that all team members successfully clear a background investigation and be trained in secure programming techniques. 'As a customer, you have the power to influence vendors to provide more secure products by letting them know that security is important to you,' the introduction to the list states and includes a draft contract with the terms customers should request to enable buyers of custom software to make code writers responsible for checking the code and for fixing security flaws before software is delivered."
Errors, Schmerrors (Score:5, Funny)
A real programmer can do all 25 in one line of code.
Alanis ? (Score:5, Funny)
Kind of ironic the report is a PDF file, when another report stated that PDF accounts for 9/10 (or something like that) exploits last year.
And Number 26 ... (Score:3, Funny)
Re:Yeah, right. (Score:3, Funny)
> Holding programmers accountable for their coding errors
We used to have a board where we would note "bozo the clown points" for anybody involved in the project, even managers ! ;-))
http://en.wikipedia.org/wiki/Bozo_the_Clown
Re:zero risk (Score:3, Funny)
Re:Errors, Schmerrors (Score:5, Funny)
#include "win32.h" /* :p */
Re:Yeah, right. (Score:3, Funny)
> even then, a decent DBA will prevent even the crappiest program from being a problem.
When you find one of these elusive DBAs can you send me a reference, because so far I have yet to meet one even remotely tolerable, let alone "decent"
The most dangerous C programming error (Score:5, Funny)
launch_missles ();
Re:Yeah, right. (Score:3, Funny)
Oh please... what's with this "Window" customer requirement? It's trivial for a thief to break it with a rock. So what exactly is the point of doors and locks????
Apparently all car makers are aiding and abetting by including windows.
Re:Yeah, right. (Score:5, Funny)
Re:Yeah, right. (Score:4, Funny)
We used to have the "Diaper of Shame". That started when one of the engineers said "If my code is broken, I will wear a diaper around the office all day tomorrow". Sure enough, it was broken and sure enough, someone went out and got a package of adult diapers.
We let him wear it over his pants and afterwards it would just migrate to your cubicle.
I wonder if we could still do that today....I smell a harassment suit being stirred up somewhere.
Re:zero risk (Score:2, Funny)
Re:Yeah, right. (Score:5, Funny)
Your ideas are intriguing to me and I wish to subscribe to your pr0n scraper.
Re:zero risk (Score:5, Funny)
> Is it me or are Americans in love with absolutes?
You are 100% correct. Anything less would be un-American.
Re:Yeah, right. (Score:5, Funny)
His code didn't expect two girls and one bucket
Re:The most dangerous C programming error (Score:3, Funny)
//Fixed.
void le_nap(void)
{
    sleep(500);
}
if (alert_code = red)
{
    if (le_tired) le_nap();
    launch_missles ();
}