Monday, July 25, 2011

Software Defects and Errors - CWE & OWASP


Defects in software are a day-to-day affair in a software professional's life. It is good to know that there are volunteer groups who work on cataloguing the common errors and security defects found in software.

Today I came across CWE - Common Weakness Enumeration, a community-developed dictionary of common software weakness types. It is a community-developed formal list supported by MITRE. They published this list on 29th June 2011, with the issues sorted into three categories:
  • Insecure Interaction Between Components
  • Risky Resource Management
  • Porous Defenses

The listed errors range from unit-level input validation within components to XSS, SQL injection and the like. Approaches to avoid each of these defects are also available on the portal, which is very useful.
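To make one of the listed weaknesses concrete, here is an added example (not code from the post or from the CWE portal) that puts a SQL injection weakness beside the parameterised form the CWE guidance recommends. The table name, column names and the sample rows are constructed for the example; the identifier CWE-89 is the CWE entry for SQL injection.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample database with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_vulnerable(conn, name):
    """CWE-89: untrusted input is spliced into the SQL text itself,
    so a crafted name can change the meaning of the WHERE clause."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Parameterised query: the value is bound by the driver and never
    becomes part of the SQL grammar, whatever characters it contains."""
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(name):
    """Run the same input through both lookups and return the row counts."""
    conn = make_db()
    try:
        return len(lookup_vulnerable(conn, name)), len(lookup_safe(conn, name))
    finally:
        conn.close()


if __name__ == "__main__":
    # An ordinary name behaves the same either way.
    print("alice:", compare("alice"))
    # A name containing a quote and an always-true condition dumps every
    # row through the vulnerable path but matches nothing through the
    # safe one, because no user is literally called that.
    print("crafted:", compare("x' OR '1'='1"))
```

The safe version is also the simpler one to review: the query text is a constant, so a code reviewer or static checker can see at a glance that no user-controlled data reaches the SQL parser.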

Earlier I had seen the OWASP Top 10 (Open Web Application Security Project). Between them, these two lists cover the majority of common security defects.

Beyond these benefits, releasing such a list can also have some adverse effects; to know more, read this link. I feel every software architect and developer should be aware of this list and work to prevent these defects from occurring in their development.
