You can be on Entrepreneur’s cover!

Report: Programming Errors Compromise Software Security

By Entrepreneur Staff

entrepreneur daily
computer-security.jpg

Every year, millions of computers are infected with viruses, and databases with sensitive consumer data are hacked. According to a report by the SANS Institute, a leading organization for computer security training, these security breaches are a result of poor programming.

Together with 30 top international cyber security experts, the SANS Institute has published The Top 25 Most Dangerous Programming Errors, identifying the most common and dangerous programming oversights. In fact, the impact of these errors is so widespread, just two of them--SQL injection (CWE-89) and cross-site scripting (CWE-79)--resulted in more than 1 million website security breaches. Those security breaches flow into the computers of website visitors, rendering their computers inoperable.

According to Steve Christey, principal information security engineer for The MITRE Corp., as well as editor and technical coordinator of Top 25, the purpose of the report is to raise awareness about the small errors made by programmers that result it major security problems. The commission also wanted to arm consumers with information to enable them to demand more secure software programs.

"Universities teach technique," Christey says, "but many programmers come out [of college] never having heard the word security in their classes."

With the push to produce more and more software, the focus is often on creating new code, and producing it quickly. In this environment, the security of the programs becomes an ancillary concern, if it is addressed at all.

The SANS Institute and its affiliates hope the Top 25 report will be a catalyst to forcing the technology industry, which is heavily dependent on software, to create more secure programs. However, Christey notes that it is up to consumers--especially business owners who collect sensitive consumer information--to attach security standards to their software requests. If software consumers demand more secure programs, software developers will be motivated to create better programs in order to compete.

"If developers learn to program more securely," Christey says, "ultimately, they will learn to create better programs."

The Top 25 list was broken down into three categories: insecure interaction between components, risky resource management, and porous defenses. It should come as no surprise that the most common and dangerous programming errors fall into the first category, with improper input validation (CWE-20) identified as the No. 1 killer of healthy software.

Visit http://www.sans.org/top25errors/ to read the full report and find out more about the Top 25 Most Dangerous Programming Errors.

-- Kimberlee Morrison


Entrepreneur Staff

Entrepreneur Staff

Editor

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Business News

This Fan-Favorite Masters 2024 Item Is Still $1.50 as Tournament Menu Appears Unscathed by Inflation

The pimento cheese sandwich is a tradition almost as big as the tournament itself.

Business Solutions

Save an Extra 20% on the Ultimate Microsoft Bundle Featuring Windows 11 Pro, Office, and More

Pick up this package of popular Microsoft products for only a fraction of the price through April 16.

Business Solutions

Visualize Data for Better Business: MS Visio is $23.99 Through April 16

Set your team up for success with a reliable tool for creating organizational charts, diagrams, and more.

Business News

I Designed My Dream Home For Free With an AI Architect — Here's How It Works

The AI architect, Vitruvius, created three designs in minutes, complete with floor plans and pictures of the inside and outside of the house.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Business Solutions

Scan Easier and More Affordably with This 20% Discount

iScanner is a mobile app that makes document management, editing, and sharing easier.