In the midst of the current rash of high-profile hacking, two nonprofits have updated their list of the top-25 software errors.
Nonprofit MITRE Corp., McLean, VA, and SANS Institute, Bethesda, MD, recently released the 2011 SANS/MITRE Top 25 Most Dangerous Software Errors, which is designed to help associations and other businesses find and fix their online and electronic weaknesses.
"Any small company or nonprofit should pay attention" to online security, said Robert Martin, who is MITRE's project leader on the Common Weakness Enumeration effort, an online dictionary of software weaknesses, including the top-25 list. Martin said, "Software security is usually misunderstood when your organization is focused on something totally different," but not paying attention to online security puts the association at risk.
The top-rated security threat is a programming error that makes websites susceptible to attack. Hackers used this sort of error to cause databases to release user names and passwords from websites, including one associated with the FBI and NATO’s online bookstore, according to the New York Times.
In addition to identifying the top-25 errors, the CWE site offers tools to help programmers determine their vulnerabilities. To determine where your association's weaknesses might be, Martin suggests starting with the top-25 list, especially if your group does not have the time or resources to look through the CWE's list of 860 weaknesses. Then, concentrate on those weaknesses that most affect the association's business. For instance, securing lines for the transfer of top-security information might not be as important to an association as ensuring access to its website.
To see the top-25 list of software errors, go to https://cwe.mitre.org/top25.
