• DocumentCode
    987141
  • Title
    Improving Software Security by Eliminating the CWE Top 25 Vulnerabilities
  • Author
    Howard, Michael
  • Author_Institution
    Microsoft
  • Volume
    7
  • Issue
    3
  • fYear
    2009
  • Firstpage
    68
  • Lastpage
    71
  • Abstract
    CWE, which stands for Common Weakness Enumeration, is a project sponsored by the National Cyber Security Division of the US Department of Homeland Security to classify security bugs. It assigns a unique number to weakness types such as buffer overruns or cross-site scripting bugs (for example, CWE-327 is "Use of a Broken or Risky Cryptographic Algorithm"). Shortly after the Top 25 list's release, Microsoft unveiled a document entitled "The Microsoft SDL and the CWE/SANS Top 25" to explain how Microsoft's security processes can help prevent the worst offenders (http://blogs.msdn.com/sdl/archive/2009/01/27/sdl-and-the-cwe-sans-top-25.aspx).
  • Keywords
    security of data; National Cyber Security Division; US Department of Homeland Security; common weakness enumeration; software security; Computer bugs; Encoding; Forgery; MySpace; Operating systems; Protection; Security; Social network services; Storage area networks; Wire; Basic training; CWE; SDL; software development lifecycle; vulnerabilities
  • fLanguage
    English
  • Journal_Title
    Security & Privacy, IEEE
  • Publisher
    ieee
  • ISSN
    1540-7993
  • Type
    jour
  • DOI
    10.1109/MSP.2009.69
  • Filename
    5054914