Experts trumpet '25 most dangerous' programming errors
And tips to avoid them
Computer experts from more than 30 organizations worldwide have released a consensus list of the 25 most dangerous programming errors that lead to security breaches.
The list, which was spearheaded by the National Security Agency, is the first time a broad cross-section of the world's computer scientists have reached formal agreement on the most common programming pitfalls.
Few programming classes teach students how to avoid the mistakes, and organizations that develop software for sale generally don't screen their products for them. Instead, security literature and programs generally focus on the vulnerabilities that result from such mistakes rather than on the mistakes themselves. By contrast, the consensus list concentrates on the programming errors that cause such vulnerabilities and offers concrete measures developers can take to avoid them.
"Now, with the Top 25, we can spend less time working with police after the house has been robbed and instead focus on getting locks on the doors before it happens," said Paul Kurtz, executive director of a group called the Software Assurance Forum for Excellence in Code.
The list could one day shift the responsibility of developing secure code to software companies by allowing buyers to get signed assurances that the products are free of the 25 errors, at least according to a press release announcing the list. (We find it hard to imagine Microsoft, Symantec, Oracle and any of the other software companies represented in the group agreeing to go along with such a plan, but there you go.)
New York state is already using the list to adjust contract language with software vendors, according to the press release.
More realistically, the list might help improve the quality of programming classes and training programs by creating consensus about what the most common mistakes are and what developers can do to prevent them.
The list is broken into three categories labeled insecure interaction between components (nine errors), risky resource management (nine also) and porous defenses (seven). Mistakes include improper input validation, external control of external state data and improper access control. Just two of the mistakes led to more than 1.5m website breaches last year, according to the SANS Institute. ®
@ Torben Mogensen
I took a C/C++ programming course 10 years ago and we learned all that back then. Maybe my instructor was ahead of his time (or just knew what he was doing) or maybe too many programmers/project managers don't know or worse don't care?
I don't know the answer, but I don't think you can blame the language. If a project is so pushed for time that there is not enough time to do it correctly using a language that requires a little care, then perhaps the project has been improperly scheduled?
How about the firmware that makes a disk drive spin? That is megabytes of embedded firmware. ZERO dynamic memory allocation! For some portions of that firmware they go so far as to hand-allocate the memory locations. This byte here, that word there. And the real critical code is handcrafted assembly. Interrupt handling has to be absolute and deterministic.
I blame the likes of RAM and FLASH memory and Von Neumann architectures
It's all the fault of running code from RAM and FLASH and Von Neumann architectures.
If you have a true Harvard machine then there is no such thing as code injection from data space. There is code memory and data memory. You cannot execute from data memory. Simple as that. And there is also I/O space. And only code can go to I/O space.
Then there is the memories: when processors only had ROM (mask ROM or antifuse ROM or OTP) to run from, there were far fewer errors. First of all, the code could not be overwritten by something malicious. The ROM was masked during fabrication and that was it. Second point: quality control was much better. The attitude now is, oh well, we'll fix it in the next release. If you have to shell out for a new maskset you will think at least 500000000 times about each and every instruction you put down.
What's my point? Why does nobody make an OS that can boot from write-protected flash? You install on a clean machine. Load the OS core and drivers that you need. Once this install is done: power down, flip the WP switch and restart. If your machine catches a bug: hit the reset button. Bye bye virus, spyware or whatever. I don't care. This could easily be done. Make a split registry and program files directory. The stuff that is critical sits in the WP block. The visible file system is a logical OR between the flash and hard disk, with the flash having priority. So if a nasty throws a couple of DLLs in virtual 'c:\windows\system'. Let it! Who cares. Those files end up on the hard disk. During boot the OS does not load anything from the HDD. The files on the flash have priority. If a duplicate file is found between flash and HDD you get a message after boot that file so-and-so is in location so-and-so and a duplicate exists in flash. Cleanup? Yes/no?
Given that an OS + apps is small, a couple of gigabytes, and flash costs pennies: what are we waiting for? I would immediately buy such a machine. Primary volume: 8 or 16 or 32 GByte flash drive with mechanical WP (a switch), data volume: standard hard disk.
The only pain: when you need to install or do an upgrade you need to power down, flick a switch and then do that again. Advantage: you always boot from a known good system. If an update is in order: download file, power down, flick switch, launch system (now in known good state), deploy update, power down, flick switch to safe, power up. Done. But then again, how many times a year do you install new software? And when installing software you can give the option: to safe zone or to hard disk. (Remember the visible file system is a logical OR between flash and HDD (not at bit level of course but at file/directory level), with the files in flash having priority.) So you can install your game to hard disk, but some app that is more critical to flash, in which case the installation procedure requires you to do the switch toggling. I would make the switch toggle something like: you need to press this button while powering up. That way you force people from doing the safe procedure.
It's so simple, I wonder why nobody has thought about this before. Especially these days when flash is $1 a gigabyte...
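The file-level "logical OR" between a write-protected flash volume and a writable hard disk that the comment above proposes, as an added illustration (not the commenter's code): flash is looked up first, every write lands on the HDD, and shadowed duplicates are collected for the post-boot report. The two volumes and their paths are constructed in-memory samples, not real system files.

```python
from typing import Dict, List, Optional

# Constructed sample volumes (hypothetical paths): path -> file contents.
FLASH: Dict[str, bytes] = {
    "windows/system/kernel32.dll": b"flash kernel32",
    "windows/system/ntdll.dll": b"flash ntdll",
    "program files/editor/editor.exe": b"flash editor",
}
HDD: Dict[str, bytes] = {
    "windows/system/kernel32.dll": b"dropped later",  # shadowed duplicate
    "program files/game/game.exe": b"hdd game",
}


class MergedView:
    """File-level union of a read-only flash volume over a writable HDD."""

    def __init__(self, flash: Dict[str, bytes], hdd: Dict[str, bytes]) -> None:
        self.flash = flash      # write-protected: never modified here
        self.hdd = dict(hdd)    # the only volume writes can reach

    def read(self, path: str) -> Optional[bytes]:
        # Flash has priority, so a same-named HDD file is never served.
        if path in self.flash:
            return self.flash[path]
        return self.hdd.get(path)

    def write(self, path: str, data: bytes) -> str:
        # Writes always land on the HDD; writing a path that also exists in
        # flash is allowed but cannot change what the merged view returns.
        self.hdd[path] = data
        return "hdd"

    def listdir(self, directory: str) -> List[str]:
        # Union of the direct children of `directory` on both volumes.
        prefix = directory.rstrip("/") + "/"
        names = set()
        for vol in (self.flash, self.hdd):
            for p in vol:
                if p.startswith(prefix) and "/" not in p[len(prefix):]:
                    names.add(p[len(prefix):])
        return sorted(names)

    def duplicates(self) -> List[str]:
        # Paths present on both volumes: the flash copy is in use, the HDD
        # copy is what gets reported to the user after boot.
        return sorted(set(self.flash) & set(self.hdd))

    def boot_report(self) -> List[str]:
        return [f"{p}: flash copy in use, duplicate on HDD" for p in self.duplicates()]
```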