Today, in Washington D.C., a group of industry specialists has gathered to release the Top 25 Programming Errors and to announce the establishment of common contract language that does not hold buyers liable for software containing flawed code.
The list covers many flaws that have recently been exploited, including the one that allowed Chinese hackers to infiltrate Google's secured network. The idea is that with broader education about the most commonly exploited flaws, programmers will be better able to protect their products.
The group of "acquisition experts [also] agreed on a standard for contract language between software buyers and developers. The use of this contract language helps ensure buyers are not held liable for software containing faulty code. Coding errors are a common gateway for attackers to penetrate networks." While this language is important for protecting the end user, it is up to each software vendor to include the wording in its own EULA.
Lists such as this help developers build more secure applications. Exposing the most common programming flaws should reduce both application weaknesses and network vulnerability. These lists protect not only consumers but also government agencies that depend on consumer products.