Wednesday, January 14, 2009

Dangerous Coding Errors

The NSA released a list of 25 coding errors that can be exploited by cybercriminals. These errors are commonly overlooked by programmers whom the agency claims rarely understand them. But according to the SANS Institute in Maryland, only two of those listed led to actual breaches in the last year. More than 30 organizations, including computer giant Microsoft, collaborated on the document; this is thought to be the first time the industry has concurred on errors of this nature.

These errors are those which must be eradicated before software is released to the public, as well as those for which some means of correction must be developed in order to eliminate them from existing software. If programmers verify their code is free of only these 25 errors, it could greatly deter hackers, according to experts. "The real dedicated serial attacker will probably find a way in even if all these errors were removed. But a high school hacker with malicious intent - ankle-biters if you will - would be deterred from breaking in," Patrick Lincoln, director of the Computer Science Laboratory at SRI International, told the BBC.

Tantamount to all of this, a statement from the US Office of the Director of National Intelligence, the principal adviser to the President, the National Security Council, and the Homeland Security Council, misspelled "cybereducation."

© C Harris Lynn, 2008

No comments: