
The top 25 most dangerous programming errors



From the BBC today:

The US National Security Agency has helped put together a list of the world's most dangerous coding mistakes.

The 25 entry list contains errors that can lead to security holes or vulnerable areas that can be targeted by cyber criminals.

http://news.bbc.co.uk/2/low/technology/7824939.stm

PS: Sorry guys, I copied the topic name from the BBC's website and it's all in caps. Maybe a mod can fix that for me?


  • 0

To be honest, I feel they're all pretty obvious. I did my work experience placement for my degree for the English National Health Service, and if I did something as dumb as any of them, I'd be shouted at!

Additionally, some of them should be removed by the time testing is complete. Input validation should be tested extremely thoroughly; SQL injection should be impossible if you've used good practice techniques (i.e. using the SqlCommand class properly in .NET).

If these are cropping up in NSA applications, then they need new programmers.

<flameon/>


  • 0

Nice list, but sadly not a lot of detail and no examples or related articles. IMO an article of this importance needs more than to list the items we need to avoid.

But thanks for the heads up.


  • 0

If they were obvious we would never have had rockets and such blowing up because of them.

Even if you do know about them, how to avoid, etc etc, when it's 5.25 pm on a Friday, you've got to get this code done before you can go for your weekend... you're going to be in a rush. It's highly likely that a normal human being will take a shortcut.


  • 0
> If they were obvious we would never have had rockets and such blowing up because of them.
>
> Even if you do know about them, how to avoid, etc etc, when it's 5.25 pm on a Friday, you've got to get this code done before you can go for your weekend... you're going to be in a rush. It's highly likely that a normal human being will take a shortcut.

Even so, code you complete at that time shouldn't be getting shipped. Should get reviewed first, but I get your point :)
