Security Expert Re: MITRE Publishes 2020 List Of Top 25 Most Dangerous Software Weaknesses

The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE,  today released the 2020 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.

Experts Comments

August 24, 2020
Jayant Shukla
CTO and Co-Founder
K2 Cyber Security
The new list of the top 25 most dangerous software weaknesses from the Homeland Security Systems Engineering and Development Institute contains many well-known vulnerabilities that have been targeted by cybercriminals for over a decade now. Injections top the list of the OWASP Top 10 Web Application Security Risks, and feature prominently on this list as well. Many other items on the list also match closely with the OWASP Top 10. These aren’t new risks, so why have organizations failed to .....Read More
The new list of the top 25 most dangerous software weaknesses from the Homeland Security Systems Engineering and Development Institute contains many well-known vulnerabilities that have been targeted by cybercriminals for over a decade now. Injections top the list of the OWASP Top 10 Web Application Security Risks, and feature prominently on this list as well. Many other items on the list also match closely with the OWASP Top 10. These aren’t new risks, so why have organizations failed to find these problems before releasing code to production, or failed to protect these vulnerabilities against attack in production? Unfortunately, these problems are often hard to find during testing, and sometimes they arise and are only a problem when different application modules interact, making them even harder to detect. The National Institute of Standards and Technologies (NIST) has recognized these shortcomings as well, and as a result, recently updated draft 5 of the SP800-53 application security framework to include RASP (Runtime Application Self Protection) and IAST (Interactive Application Security Testing) to better protect against these critical software weaknesses.  Read Less

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.
SUBMIT
Share on facebook
Share on twitter
Share on linkedin

Recent Posts

Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics

Twitter Facebook-f Linkedin Youtube

Working With Us

The Pages

Our Contributing Experts