Expert Comments

Security Expert Re: MITRE Publishes 2020 List Of Top 25 Most Dangerous Software Weaknesses

Expert(s): Security Experts
Expert(s): Security Experts

The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE,  today released the 2020 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.

Experts Comments

August 24, 2020
Jayant Shukla
CTO and Co-Founder
K2 Cyber Security
The new list of the top 25 most dangerous software weaknesses from the Homeland Security Systems Engineering and Development Institute contains many well-known vulnerabilities that have been targeted by cybercriminals for over a decade now. Injections top the list of the OWASP Top 10 Web Application Security Risks, and feature prominently on this list as well. Many other items on the list also match closely with the OWASP Top 10. These aren’t new risks, so why have organizations failed to .....Read More
The new list of the top 25 most dangerous software weaknesses from the Homeland Security Systems Engineering and Development Institute contains many well-known vulnerabilities that have been targeted by cybercriminals for over a decade now. Injections top the list of the OWASP Top 10 Web Application Security Risks, and feature prominently on this list as well. Many other items on the list also match closely with the OWASP Top 10. These aren’t new risks, so why have organizations failed to find these problems before releasing code to production, or failed to protect these vulnerabilities against attack in production? Unfortunately, these problems are often hard to find during testing, and sometimes they arise and are only a problem when different application modules interact, making them even harder to detect. The National Institute of Standards and Technologies (NIST) has recognized these shortcomings as well, and as a result, recently updated draft 5 of the SP800-53 application security framework to include RASP (Runtime Application Self Protection) and IAST (Interactive Application Security Testing) to better protect against these critical software weaknesses.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Apple Release Urgent iPhone Updates But Not For Pegasus Zero-day

MITRE Releases List of Top 25 Bugs, Experts Weigh In

HiveNightmare Windows Zero-Day Vuln Allows Privilege Escalation

Commentary on OAIC Finding on Uber’s Data Breach

Cybercriminals Demand $50m From Saudi Aramco

Expert Reaction On Tokyo 2020 Credential Theft

European Commission Plans to Make Cryptocurrency Transfers More Traceable, Expert...

1,000 GB of Resident’s Data Exposed and Experts Reaction

Security Flaws in Telegram Encryption, Expert Weighs In

New Cybersecurity Order Issued for US Pipeline Operators

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

Privacy & Cookies Policy