Rank Score ID Name [1] 93.8 CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [2] 83.3 CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') -- the top two are handled by taint propagation. "Improper Neutralization" => "quotification" [3] 79.0 CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') -- handled by stuff like Milo Martin's Hardbound and Softbound. [4] 77.7 CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') -- tainting/quotification [5] 76.9 CWE-306 Missing Authentication for Critical Function [6] 76.8 CWE-862 Missing Authorization -- more like real SW bugs, with no crutches like bounds checks of tainting. -- except that we can imagine that capability systems might help here - it might be made mandatory to activate some capabilities positively, rather than passively inheriting them. [7] 75.0 CWE-798 Use of Hard-coded Credentials [8] 75.0 CWE-311 Missing Encryption of Sensitive Data [9] 74.0 CWE-434 Unrestricted Upload of File with Dangerous Type -- while we might hope that a capability system might upload such a file but strip it of all ability to do harm, experience suggests that a user will just blindly give the file whatever privileges it asks for. [10] 73.8 CWE-807 Reliance on Untrusted Inputs in a Security Decision -- tainiting [11] 73.1 CWE-250 Execution with Unnecessary Privileges -- capability systems are supposed to make it easier to implement the "Principle of Least Privilege". However, it still happens. -- we can imagine security tools that profile privileges - that determine what privileges have never been used, to allow narrowing the privileges as much as possible. [12] 70.1 CWE-352 Cross-Site Request Forgery (CSRF) -- tainting, capabilities [13] 69.3 CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [14] 68.5 CWE-494 Download of Code Without Integrity Check [15] 67.8 CWE-863 Incorrect Authorization [16] 66.0 CWE-829 Inclusion of Functionality from Untrusted Control Sphere -- tainting [17] 65.5 CWE-732 Incorrect Permission Assignment for Critical Resource [18] 64.6 CWE-676 Use of Potentially Dangerous Function [19] 64.1 CWE-327 Use of a Broken or Risky Cryptographic Algorithm [20] 62.4 CWE-131 Incorrect Calculation of Buffer Size -- classic buffer overflow, such as Martin Hardbound/Softbound. [21] 61.5 CWE-307 Improper Restriction of Excessive Authentication Attempts [22] 61.1 CWE-601 URL Redirection to Untrusted Site ('Open Redirect') [23] 61.0 CWE-134 Uncontrolled Format String [24] 60.3 CWE-190 Integer Overflow or Wraparound -- these two, 23 and 24, are somewhat handled by buffer overflow checking as in Hardbound and Softbound - the security flaws with integer overflow often manifest themselves as unchecked buffer overflows. -- however, they can manifest themselves in other ways as well. [25] 59.9 CWE-759 Use of a One-Way Hash without a Salt
Disclaimer
The content of this blog is my personal opinion only. Although I am an employee - currently of Nvidia, in the past of other companies such as Iagination Technologies, MIPS, Intellectual Ventures, Intel, AMD, Motorola, and Gould - I reveal this only so that the reader may account for any possible bias I may have towards my employer's products. The statements I make here in no way represent my employer's position, nor am I authorized to speak on behalf of my employer. In fact, this posting may not even represent my personal opinion, since occasionally I play devil's advocate.
See http://docs.google.com/View?id=dcxddbtr_23cg5thdfj for photo credits.
See http://docs.google.com/View?id=dcxddbtr_23cg5thdfj for photo credits.
Monday, July 04, 2011
Mitre Top 25 SW bugs
http://cwe.mitre.org/top25/index.html
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment