In mid-January, security professionals were confronted with the biggest online worm since 2004. Referred to as "downadup" or "conficker," the bug spread to more than 1 million computers in less than three weeks. And it is just the latest example of the chronic security challenges of our increasingly connected world.
Recently, a number of international cybersecurity organizations collaborated to create a list of the 25 most dangerous software programming errors — all of which can lead to serious cases of cybercrime. In fact, according to computer security research and training organization SANS, just two of the 25 listed errors led to more than 1.5 million online security breaches last year. Perhaps more shocking, however, is the fact that computer science students are not taught how to avoid these errors and many programmers do not understand them.
“It’s such common knowledge that we continue to have vulnerabilities, some of them daily,” said Hord Tipton, executive director at (ISC)². “At this point, we continue to have to patch our servers and our equipment and train people to look for the things that result from software that continues to have the vulnerability.”
With the new list of 25 errors, programmers now have a common set of weaknesses to direct their attention to; colleges can benchmark their curricula against the list to make sure they are hitting key topics; and, at the operation stage, software-testing tools can be implemented to ensure applications are error-free.
Security education experts at…