Improving Software Security by Eliminating the CWE Top 25 Vulnerabilities

Cited by: 5

Author: Howard, Michael [1]

Affiliation: [1] Microsoft Corp, Redmond, WA 98052 USA

Keywords: Basic training; CWE; SDL; Software development lifecycle; Vulnerabilities

DOI: 10.1109/MSP.2009.69

Chinese Library Classification (CLC): TP [Automation and computer technology]

Subject classification code: 0812

Abstract: In January 2009, MITRE and SANS issued the "2009 CWE/SANS Top 25 Most Dangerous Programming Errors" to help make developers more aware of the bugs that can cause security compromises (http://cwe.mitre.org/top25). CWE, which stands for Common Weakness Enumeration, is a project sponsored by the National Cyber Security Division of the US Department of Homeland Security to classify security bugs. This article describes some best practices that can help you eliminate the CWE Top 25 vulnerabilities in your own development environment and products. © 2006 IEEE.

Pages: 68 - 71

Page count: 4