Improving Software Security by Eliminating the CWE Top 25 Vulnerabilities

Cited by: 5
Authors
Howard, Michael [1]
Affiliations
[1] Microsoft Corp, Redmond, WA 98052 USA
Keywords
Basic training; CWE; SDL; Software development lifecycle; Vulnerabilities;
DOI
10.1109/MSP.2009.69
Chinese Library Classification
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
In January 2009, MITRE and SANS issued the "2009 CWE/SANS Top 25 Most Dangerous Programming Errors" to help make developers more aware of the bugs that can cause security compromises (http://cwe.mitre.org/top25). CWE, which stands for Common Weakness Enumeration, is a project sponsored by the National Cyber Security Division of the US Department of Homeland Security to classify security bugs. This article describes some best practices that can help you eliminate the CWE Top 25 vulnerabilities in your own development environment and products. © 2006 IEEE.
Pages: 68 - 71
Page count: 4
Related papers
50 in total
  • [21] Security vulnerabilities in healthcare: an analysis of medical devices and software
    Carlos M. Mejía-Granda
    José L. Fernández-Alemán
    Juan M. Carrillo-de-Gea
    José A. García-Berná
    Medical & Biological Engineering & Computing, 2024, 62 : 257 - 273
  • [22] A software security assessment system based on analysis of vulnerabilities
    Sui, Chenmeng
    Liu, Yanzhao
    Liu, Yun
    Journal of Convergence Information Technology, 2012, 7 (06) : 211 - 219
  • [23] A practical framework for dynamically immunizing software security vulnerabilities
    Lin, Zhiqiang
    Mao, Bing
    Xie, Li
    FIRST INTERNATIONAL CONFERENCE ON AVAILABILITY, RELIABILITY AND SECURITY, PROCEEDINGS, 2006, : 348 - +
  • [24] The Appilication of Fuzzing in Web software security vulnerabilities Test
    Li, Li
    Dong, Qiu
    Liu, Dan
    Zhu, Leilei
    2013 INTERNATIONAL CONFERENCE ON INFORMATION TECHNOLOGY AND APPLICATIONS (ITA), 2013, : 130 - 133
  • [25] Security vulnerabilities in healthcare: an analysis of medical devices and software
    Mejia-Granda, Carlos M.
    Fernandez-Aleman, Jose L.
    Carrillo-de-Gea, Juan M.
    Garcia-Berna, Jose A.
    MEDICAL & BIOLOGICAL ENGINEERING & COMPUTING, 2024, 62 (01) : 257 - 273
  • [26] Managing Publicly Known Security Vulnerabilities in Software Systems
    Mahrous, Hesham
    Malhotra, Baljeet
    2018 16TH ANNUAL CONFERENCE ON PRIVACY, SECURITY AND TRUST (PST), 2018, : 247 - 256
  • [27] Measuring, analyzing and predicting security vulnerabilities in software systems
    Alhazmi, O. H.
    Malaiya, Y. K.
    Ray, I.
    COMPUTERS & SECURITY, 2007, 26 (03) : 219 - 228
  • [28] Characterizing and Understanding Software Security Vulnerabilities in Machine Learning Libraries
    Harzevili, Nima Shiri
    Shin, Jiho
    Wang, Junjie
    Wang, Song
    Nagappan, Nachiappan
    2023 IEEE/ACM 20TH INTERNATIONAL CONFERENCE ON MINING SOFTWARE REPOSITORIES, MSR, 2023, : 27 - 38
  • [29] Security vulnerabilities in computer software testing technology and its application
    Lan, Jiang
    INFORMATION TECHNOLOGY AND INDUSTRIAL ENGINEERING, VOLS 1 & 2, 2014, : 541 - 545
  • [30] Analysis of Software Vulnerabilities, Measures for Prevention and Protection and Security Testing
    Nakov, Ognian
    Trifonov, Roumen
    Pavlova, Galya
    Nakov, Plamen
    2021 29TH NATIONAL CONFERENCE WITH INTERNATIONAL PARTICIPATION (TELECOM), 2021, : 73 - 76