Buyers urged to hold suppliers more accountable for buggy software
A list of the 25 most common programming errors that undermine firms’ security has been released by a band of 30 global security experts.
The aim of the list is to highlight the need for security to be embedded earlier into the software development lifecycle.
Cross-site scripting – where untrusted input is written into a web page without being escaped, so an attacker can inject script that runs in other users’ browsers – was identified as the biggest threat by the US-funded group of government agencies and suppliers, which includes McAfee and the National Security Agency. It was followed by two familiar culprits: the query-building errors that allow SQL injection attacks and the missing bounds checks that cause buffer overflows. The project was coordinated by the research and development organisation Mitre and the SANS Institute.
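The two web-facing errors at the top of the list share one root cause: untrusted input is spliced into a structured string (HTML or SQL) instead of being kept separate from the structure. The following is an added illustration, not code from the article or from the Mitre/SANS project, showing each error as a vulnerable function beside its hardened form. The user table, the names and the attacker inputs are constructed for the demo; the third error the article names, buffer overflow, is a native-code defect and is not shown here.

```python
"""Added example (not from the article or the CWE/SANS project): cross-site
scripting and SQL injection as a vulnerable construction beside the fixed one.
All inputs below are constructed for the demonstration."""
import html
import sqlite3


# --- Cross-site scripting ---
def render_greeting_vulnerable(name: str) -> str:
    # Untrusted input is written straight into the page, so a name that
    # contains markup becomes part of the page's structure and runs as script.
    return f"<p>Hello, {name}!</p>"


def render_greeting_fixed(name: str) -> str:
    # Output encoding turns '<', '>', '&' and quotes into entities, so the
    # input is displayed as text and cannot alter the page structure.
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


# --- SQL injection ---
def _demo_db() -> sqlite3.Connection:
    # Constructed in-memory table standing in for an application's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", 0), ("bob", 0), ("root", 1)])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # String concatenation lets a quote in the input close the literal and
    # append attacker-controlled SQL to the statement.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_fixed(conn: sqlite3.Connection, name: str) -> list:
    # Parameterised query: the driver passes the value separately from the
    # statement text, so it is only ever compared as data.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def demo() -> dict:
    """Run both pairs against constructed attacker input and return the results."""
    xss_payload = "<script>alert(1)</script>"
    sqli_payload = "x' OR '1'='1"
    conn = _demo_db()
    return {
        "xss_vulnerable": render_greeting_vulnerable(xss_payload),
        "xss_fixed": render_greeting_fixed(xss_payload),
        # The vulnerable lookup returns every user, the fixed one returns none.
        "sqli_vulnerable": lookup_vulnerable(conn, sqli_payload),
        "sqli_fixed": lookup_fixed(conn, sqli_payload),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the script shows the vulnerable greeting echoing the script tag verbatim while the fixed one renders it as harmless text, and the concatenated query returning all three users (including the administrator) where the parameterised query returns none. The fix in both cases is the same idea the list promotes: treat input as data and let the framework handle the structure.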
One proposed use of the list is as standard contract language between software suppliers and their customers, under which buyers would not be left liable for software delivered with these well-known errors in it. That would shift accountability for defective code onto the suppliers who wrote it.