Tom,
From the business' point of view, they really don't care if widget X
has weaknesses, they want to know how to make money by buying and
using widget X. They assume X is safe by default, even though it's
not. They've been doing fast and crappy for so long, and made heaps of
money from it, that
All, I'm the editor of the Top 25 list. Thanks to Ken and others on SC-L
who provided some amazing feedback before its publication. I hope we were
able to address most of your concerns and am sorry that we couldn't
address all of them.
Note that MITRE's site for the Top 25 is more technically d
CVE - http://cve.mitre.org/ - known problems, known systems
CWE - http://cwe.mitre.org/ - classes of problems, unknown systems
http://cwe.mitre.org/top25/
Will business start to talk CWE as they already talk CVE?
Discussion/Debate/Thoughts
Tom Brennan
-Original Message-
From: sc-l-boun...@
FYI, a top 25 programming errors list from the folks at SANS has been
released. See the following for details:
http://www.sans.org/top25errors/
Cheers,
Ken
-
Kenneth R. van Wyk
KRvW Associates, LLC
http://www.KRvW.com