MITRE Names 2019's Most Dangerous Software Errors

Eight years ago, a list of the world's most dangerous software errors was published by problem-solving nonprofit the MITRE Corporation. Yesterday saw the long-awaited release of an updated version of this rag-tag grouping of cyber-crime's most wanted.





The Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Errors list (CWE Top 25) is a roundup of the most widespread and critical weaknesses that can lead to serious vulnerabilities in software.





What makes these bad boys so lethal is that they are often easy to find and exploit. And once attackers have gotten their grappling hooks into the errors, they are frequently able to completely take over execution of software, steal data, or prevent the software from working.





Each error was given a threat score to communicate its level of prevalence and the danger it presents. Topping the table of treachery with a threat score of 75.56 and leading by a huge margin is "improper restriction of operations within the bounds of a memory buffer."





The second-most lethal error was determined to be "improper neutralization of input during web page generation," also known as cross-site scripting, which had a threat score of 45.69. 





In 2011, a subjective approach based on interviews and surveys of industry experts was used to create the list. In 2019, the list's compilers took a data-driven approach, leveraging National Vulnerability Database (NVD) data from the years 2017 and 2018, which consisted of approximately 25,000 CVEs. 





MITRE's goal is to release an updat ..
