Today in Washington, DC, experts from more than 30 US and international cyber security organizations jointly released the consensus list of the 25 most dangerous programming errors that lead to security bugs and that enable cyber espionage and cyber crime.

The errors are categorized into 3 general categories

• Insecure Interaction Between Components (9 errors)
• Risky Resource Management (9 errors)
• Porous Defenses (7 errors)

There are very interesting examples, like Race Conditions, some very well known but overlooked like Download of Code Without Integrity Check and some that were already discussed on Shortinfosec, like .

SANS also includes recommendation for risk mitigation for each error.
The full list of errors is published here


Talkback and comments are most welcome