Improving Software Security by Eliminating the CWE Top 25 Vulnerabilities

被引:5
|
作者
Howard, Michael [1 ]
机构
[1] Microsoft Corp, Redmond, WA 98052 USA
来源
IEEE SECURITY & PRIVACY | 2009年 / 7卷 / 03期
关键词
Basic training; CWE; SDL; Software development lifecycle; Vulnerabilities;
D O I
10.1109/MSP.2009.69
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
In January 2009, MITRE and SANS issued the "2009 CWE/SANS Top 25 Most Dangerous Programming Errors" to help make developers more aware of the bugs that can cause security compromises (http://cwe.mitre.org/top25). CWE, which stands for Common Weakness Enumeration, is a project sponsored by the National Cyber Security Division of the US Department of Homeland Security to classify security bugs. This article describes some best practices that can help you eliminate the CWE Top 25 vulnerabilities in your own development environment and products © 2006 IEEE.
引用
收藏
页码:68 / 71
页数:4
相关论文
共 50 条
  • [1] Reducing The Number of Security Vulnerabilities in Web Applications by Improving Software Quality
    Trifonov, Gergely
    [J]. SACI: 2009 5TH INTERNATIONAL SYMPOSIUM ON APPLIED COMPUTATIONAL INTELLIGENCE AND INFORMATICS, 2009, : 41 - 44
  • [2] Labeling Software Security Vulnerabilities
    Bojanova, Irena
    Guerrerio, John J.
    [J]. IT PROFESSIONAL, 2023, 25 (05) : 64 - 70
  • [3] Software Metrics as Indicators of Security Vulnerabilities
    Medeiros, Nadia
    Ivaki, Naghmeh
    Costa, Pedro
    Vieira, Marco
    [J]. 2017 IEEE 28TH INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING (ISSRE), 2017, : 216 - 227
  • [4] The Research on Software Security Vulnerabilities Mining
    Liu Shuyu
    Kong Weiguang
    Yang Diwei
    [J]. PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON TECHNOLOGY MANAGEMENT AND INNOVATION (TMI 2010), 2010, : 333 - 335
  • [5] On the Detection and Analysis of Software Security Vulnerabilities
    Wijesiriwardana, Chaman
    Wimalaratne, Prasad
    [J]. 2017 IEEE INTERNATIONAL CONFERENCE ON IOT AND ITS APPLICATIONS (IEEE ICIOT), 2017,
  • [6] Software Security Vulnerabilities: Baselining and Benchmarking
    Rotella, Pete
    [J]. 2018 IEEE/ACM 1ST INTERNATIONAL WORKSHOP ON SECURITY AWARENESS FROM DESIGN TO DEPLOYMENT (SEAD), 2018, : 3 - 10
  • [7] Improving Robustness of DNS to Software Vulnerabilities
    Khurshid, Ahmed
    Kiyak, Firat
    Caesar, Matthew
    [J]. 27TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE (ACSAC 2011), 2011, : 177 - 186
  • [8] A Study of Security Vulnerabilities and Software Weaknesses in Vehicles
    Xiong, Wenjun
    Gulsever, Melek
    Kaya, Koray Mustafa
    Lagerstrom, Robert
    [J]. SECURE IT SYSTEMS, NORDSEC 2019, 2019, 11875 : 204 - 218
  • [9] Software Security Vulnerabilities Seen As Feature Interactions
    Jourdan, Guy-Vincent
    [J]. FEATURE INTERACTIONS IN SOFTWARE AND COMMUNICATION SYSTEMS X, 2009, : 149 - 159
  • [10] Mapping Software Faults with Web Security Vulnerabilities
    Fonseca, Jose
    Vieira, Marco
    [J]. 2008 IEEE INTERNATIONAL CONFERENCE ON DEPENDABLE SYSTEMS & NETWORKS WITH FTCS & DCC, 2008, : 257 - +
12345