MITRE’s Top 25 Most Dangerous Software Errors

By ISBuzz Team
Writer, Information Security Buzz | Sep 19, 2019 03:30 am PST

It has been reported that MITRE has released a list of the top 25 most dangerous software weaknesses and errors that can be exploited by attackers to compromise our systems. The non-profit’s 2019 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Errors report is a compilation of errors, bugs, and potential attack vectors developers should make sure they are familiar with in the interest of security.

Andrew Van der Stock, Senior Principal Consultant
September 19, 2019 11:41 am

As the co-lead of the OWASP Top 10 and the OWASP Application Security Verification Standards, I congratulate the MITRE team and welcome their newly released Top 25 Most Dangerous Software Errors. As with all application security programs, having reliable, evidence-based awareness and actual standards is critical in effectively eradicating classes of bugs that will really move the needle to prevent disastrous privacy breaches and financial losses. All security architects, technical leads, and developers should be aware of these standards to avoid the most common issues.

Obviously, I am biased, but when an AppSec program has matured past the basics of the MITRE Top 25 (and the OWASP Top 10), they should consider the OWASP Application Security Verification Standard! Using testable standards allows organisations to move from “whack-a-mole” security defined by “don’t do this” awareness programs, to “build security in” standards and using them as developer secure coding checklists. Architectural analysis, maturity action plans, and building security in from the very beginning builds trust and allows ever more daring and novel applications.

Well done to the MITRE team. I’m sure the MITRE Top 25 will get widespread traction.
