Tuesday, January 13, 2009

Dangerous Coding Errors

Today I read of the 25 most dangerous coding errors being revealed. Really, if you are a halfway decent coder, these shouldn't come as much of a surprise to you, yet some of them are marvelously generic.

CWE-682: Incorrect Calculation
This is so generic that it's hard to say it's dangerous. It depends quite a lot on WHAT is being calculated.
CWE-330: Use of Insufficiently Random Values
Again, it depends on the use of those random values, although obviously some cryptographic use is implied.
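To make the "depends on the use" point concrete, here is an added Python example (not from the original post): the same predictable PRNG is harmless for picking a banner colour but unsuitable for minting a password-reset token, and the `secrets` module is the fix for the latter. The fixed seed is a constructed stand-in for whatever narrow seed an attacker might recover.

```python
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits


def pick_banner_colour(rng: random.Random) -> str:
    """Non-security use of a PRNG: if someone predicts the next colour,
    nothing is lost, so random.Random is perfectly fine here."""
    return rng.choice(["red", "green", "blue"])


def weak_token(seed: int, length: int = 16) -> str:
    """Security-sensitive use of the same PRNG (CWE-330).

    Mersenne Twister is deterministic: anyone who knows, or can narrow down,
    the seed reproduces the exact same token. The seed parameter is a
    constructed stand-in for the default time-based seeding of random.Random().
    """
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_token(length: int = 16) -> str:
    """The fix: draw the token from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def is_reproducible(seed: int) -> bool:
    """True when two independently seeded generators yield the same 'secret',
    i.e. the token offers no unpredictability beyond the seed itself."""
    return weak_token(seed) == weak_token(seed)


if __name__ == "__main__":
    print("banner colour:", pick_banner_colour(random.Random()))
    print("weak token reproducible from seed:", is_reproducible(1234))
    print("strong token:", strong_token())
```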

All in all, this list seems fairly complete, but now what? Anyone who has made these mistakes in the first place probably won't know it, and probably won't go and fix them because of the list. This is why you, and every organization, need software architects. Any decent software architect knows about these issues, has probably seen them before, and knows how to find them and fix them.
