[WEB SECURITY] 2009 Top 25 Programming Errors

Trey Ford ford.trey at gmail.com
Wed Jan 14 15:52:47 EST 2009


Nice catch, Marcin.

From that link:
<snip> "Contract language doesn't work unless there's a minimum standard of
due care," Alan Paller, director of research at the SANS Institute said in a
press briefing following the announcement of the new Top 25 Errors list.
"The Top 25 Errors is the first step in defining that minimum standard."
</snip>


On Wed, Jan 14, 2009 at 11:11 AM, Marcin Wielgoszewski
<marcinw86 at gmail.com> wrote:

> I'm sorry to say, it has just happened:
>
>
> http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1344962,00.html
>
> On Wed, Jan 14, 2009 at 1:20 PM, Arian J. Evans
> <arian.evans at anachronic.com> wrote:
> > Anyway -- I think OWASP and WASC people need to get involved or you
> > are going to find that your RFPs for tools, training, and testing are
> > comprised of this SANS/MITRE Top 25. People (Software Security
> > Consumers) are already starting to use the "Top 25" this way, and
> > desperate vendors & solutions are actively steering this to try and
> > give them some legitimacy. SANS has no clue in this problem domain and
> > will take this banner and charge forward with it.