Expert Comments

Security Expert Re: MITRE Publishes 2020 List Of Top 25 Most Dangerous Software Weaknesses

Expert(s): Security Experts
Expert(s): Security Experts

The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE,  today released the 2020 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent and critical errors that can lead to serious vulnerabilities in software. An attacker can often exploit these vulnerabilities to take control of an affected system, obtain sensitive information, or cause a denial-of-service condition.

Experts Comments

Dot Your Expert Comments
Jayant Shukla
August 24, 2020
CTO and Co-Founder
K2 Cyber Security

The National Institute of Standards and Technologies (NIST) has recognized these shortcomings as well.
The new list of the top 25 most dangerous software weaknesses from the Homeland Security Systems Engineering and Development Institute contains many well-known vulnerabilities that have been targeted by cybercriminals for over a decade now. Injections top the list of the OWASP Top 10 Web Application Security Risks, and feature prominently on this list as well. Many other items on the list also match closely with the OWASP Top 10. These aren’t new risks, so why have organizations failed to .....Read More
The new list of the top 25 most dangerous software weaknesses from the Homeland Security Systems Engineering and Development Institute contains many well-known vulnerabilities that have been targeted by cybercriminals for over a decade now. Injections top the list of the OWASP Top 10 Web Application Security Risks, and feature prominently on this list as well. Many other items on the list also match closely with the OWASP Top 10. These aren’t new risks, so why have organizations failed to find these problems before releasing code to production, or failed to protect these vulnerabilities against attack in production? Unfortunately, these problems are often hard to find during testing, and sometimes they arise and are only a problem when different application modules interact, making them even harder to detect. The National Institute of Standards and Technologies (NIST) has recognized these shortcomings as well, and as a result, recently updated draft 5 of the SP800-53 application security framework to include RASP (Runtime Application Self Protection) and IAST (Interactive Application Security Testing) to better protect against these critical software weaknesses.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

15 Schools Hit By Cyberattack In Nottinghamshire

Qualys Hit With Ransomware And Customer Invoices Leaked

Experts Reaction On PrismHR Hit By Ransomware Attack

Expert Insight On Ryuk’s Revenge: Infamous Ransomware Is Back And...

ObliqueRAT Trojan Lurks On Compromised Websites – Experts Comments

Microsoft Multiple 0-Day Attack – Tenable Comment

Experts Reaction On Malaysia Airlines 9 Years Old Data Breach

IoT Security In The Spotlight, As Research Highlights Alexa Security...

Oxfam Australia Confirms ‘Supporter’ Data Accessed In Cyber Attack

Expert Reaction On Solarwinds Blames Intern For Weak Passwords