Rank  Score  ID       Name

[1]   93.8   CWE-89   Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
[2]   83.3   CWE-78   Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    -- the top two are handled by taint propagation. "Improper Neutralization" => "quotification"
[3]   79.0   CWE-120  Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    -- handled by stuff like Milo Martin's Hardbound and Softbound.
[4]   77.7   CWE-79   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    -- tainting/quotification
[5]   76.9   CWE-306  Missing Authentication for Critical Function
[6]   76.8   CWE-862  Missing Authorization
    -- more like real SW bugs, with no crutches like bounds checks or tainting.
    -- except that we can imagine that capability systems might help here - it might be made mandatory to activate some capabilities positively, rather than passively inheriting them.
[7]   75.0   CWE-798  Use of Hard-coded Credentials
[8]   75.0   CWE-311  Missing Encryption of Sensitive Data
[9]   74.0   CWE-434  Unrestricted Upload of File with Dangerous Type
    -- while we might hope that a capability system might upload such a file but strip it of all ability to do harm, experience suggests that a user will just blindly give the file whatever privileges it asks for.
[10]  73.8   CWE-807  Reliance on Untrusted Inputs in a Security Decision
    -- tainting
[11]  73.1   CWE-250  Execution with Unnecessary Privileges
    -- capability systems are supposed to make it easier to implement the "Principle of Least Privilege". However, it still happens.
    -- we can imagine security tools that profile privileges - that determine what privileges have never been used, to allow narrowing the privileges as much as possible.
[12]  70.1   CWE-352  Cross-Site Request Forgery (CSRF)
    -- tainting, capabilities
[13]  69.3   CWE-22   Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
[14]  68.5   CWE-494  Download of Code Without Integrity Check
[15]  67.8   CWE-863  Incorrect Authorization
[16]  66.0   CWE-829  Inclusion of Functionality from Untrusted Control Sphere
    -- tainting
[17]  65.5   CWE-732  Incorrect Permission Assignment for Critical Resource
[18]  64.6   CWE-676  Use of Potentially Dangerous Function
[19]  64.1   CWE-327  Use of a Broken or Risky Cryptographic Algorithm
[20]  62.4   CWE-131  Incorrect Calculation of Buffer Size
    -- classic buffer overflow, handled as above by Milo Martin's Hardbound/Softbound.
[21]  61.5   CWE-307  Improper Restriction of Excessive Authentication Attempts
[22]  61.1   CWE-601  URL Redirection to Untrusted Site ('Open Redirect')
[23]  61.0   CWE-134  Uncontrolled Format String
[24]  60.3   CWE-190  Integer Overflow or Wraparound
    -- these two, 23 and 24, are somewhat handled by buffer overflow checking as in Hardbound and Softbound - the security flaws with integer overflow often manifest themselves as unchecked buffer overflows.
    -- however, they can manifest themselves in other ways as well.
[25]  59.9   CWE-759  Use of a One-Way Hash without a Salt
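As an added example, not from the post, here is what "taint propagation" plus per-sink "quotification" looks like for the first two entries and for CWE-79: a string subclass carries the untrusted mark through concatenation and slicing, and each sink (SQL, OS command, HTML) either refuses tainted data in a position it must not occupy or neutralizes it for that exact context. The Tainted class, the sink functions and the sample inputs are hypothetical constructions for this illustration; sqlite3, shlex and html are the standard library's own modules.

```python
# Added example: a toy taint-propagation scheme with per-sink "quotification",
# illustrating the remark on CWE-89, CWE-78 and CWE-79. Not the post's code and
# not a real taint-mode runtime; all names here are hypothetical.
import html
import shlex
import sqlite3


class Tainted(str):
    """A str whose instances are marked untrusted. The mark survives the string
    operations overridden here; a real runtime would propagate it everywhere."""

    def __add__(self, other):
        return Tainted(str.__add__(self, other))

    def __radd__(self, other):
        return Tainted(str.__add__(other, self))

    def __getitem__(self, key):
        return Tainted(str.__getitem__(self, key))


class TaintError(Exception):
    """Raised when tainted data reaches a sink in a position it must not occupy."""


def is_tainted(value):
    return isinstance(value, Tainted)


def run_query(conn, sql, params=()):
    """SQL sink: the query text must be untainted; tainted values may only travel
    as bound parameters, which the driver neutralizes for us."""
    if is_tainted(sql):
        raise TaintError("tainted data reached the SQL sink as query text")
    bound = tuple(str(p) if is_tainted(p) else p for p in params)
    return conn.execute(sql, bound).fetchall()


def build_command(argv):
    """OS command sink: each tainted argument is quotified with shlex.quote so the
    shell sees it as one literal word; untainted arguments pass through."""
    return " ".join(shlex.quote(str(a)) if is_tainted(a) else a for a in argv)


def render_html(template, **values):
    """HTML sink: tainted values are escaped before being placed in the page."""
    safe = {k: html.escape(str(v)) if is_tainted(v) else v for k, v in values.items()}
    return template.format(**safe)


def demo():
    """Run constructed sample inputs through each sink; returns what happened."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice'), ('bob')")
    # Constructed inputs, as they might arrive from an HTTP request.
    user_name = Tainted("alice' OR '1'='1")
    file_arg = Tainted("notes.txt; echo injected")
    greeting = Tainted("<script>alert(1)</script>")

    results = {}
    try:  # concatenation keeps the taint, so the string-built query is refused
        run_query(conn, "SELECT name FROM users WHERE name = '" + user_name + "'")
        results["sql_concat"] = "allowed"
    except TaintError:
        results["sql_concat"] = "blocked"
    # the parameterised form is the quotified one: no row matches the literal string
    results["sql_param"] = run_query(conn, "SELECT name FROM users WHERE name = ?", (user_name,))
    results["cmd"] = build_command(["ls", "-l", file_arg])
    results["html"] = render_html("<p>Hello {name}</p>", name=greeting)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", v)
```

Note that methods this toy does not override (f-strings, str.format, upper, ...) return a plain str and drop the mark; that loss is precisely why serious taint tracking lives in the interpreter or the hardware rather than in a library class.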
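A second added example, also not the post's and not code from the Hardbound or Softbound projects, models the (base, bound) metadata those schemes attach to a pointer and the chain described under [23]/[24]: a record count that wraps a 32-bit size calculation yields an undersized buffer, the per-record copy index does not wrap, and the bounds check on dereference catches the first write past the end that unchecked code would silently commit. The 32-bit size model, the toy heap, the class and function names and the input header are all assumptions made for the illustration.

```python
# Added example: a Softbound-style fat pointer plus the integer-overflow ->
# undersized-buffer chain the post describes for CWE-120/131/190. Not code from
# the Hardbound or Softbound projects; names and the 32-bit size model are assumptions.
import itertools

MASK32 = 0xFFFFFFFF  # assume a 32-bit size_t for the allocation size


class BoundsError(Exception):
    """Raised by the check a hardware/compiler scheme would perform on dereference."""


class BoundedPointer:
    """An address plus the [base, bound) range it is allowed to touch."""

    def __init__(self, memory, base, bound, addr=None):
        self.memory, self.base, self.bound = memory, base, bound
        self.addr = base if addr is None else addr

    def __add__(self, n):
        # Arithmetic keeps the metadata but is not checked: C may form a pointer
        # one past the end; only dereferencing it is an error.
        return BoundedPointer(self.memory, self.base, self.bound, self.addr + n)

    def _check(self):
        if not self.base <= self.addr < self.bound:
            raise BoundsError(f"address {self.addr} outside [{self.base}, {self.bound})")

    def store(self, byte):
        self._check()
        self.memory[self.addr] = byte

    def load(self):
        self._check()
        return self.memory[self.addr]


class Heap:
    """Flat byte array with a bump allocator that hands out bounded pointers."""

    def __init__(self, size=256):
        self.mem, self.next = bytearray(size), 0

    def malloc(self, nbytes):
        if self.next + nbytes > len(self.mem):
            raise MemoryError("toy heap exhausted")
        base, self.next = self.next, self.next + nbytes
        return BoundedPointer(self.mem, base, base + nbytes)


def size_wrapped(count, elem_size):
    """count * elem_size as 32-bit unsigned arithmetic computes it: silently wraps."""
    return (count * elem_size) & MASK32


def size_checked(count, elem_size):
    """The same product with the CWE-190 check; None signals overflow."""
    total = count * elem_size
    return None if total > MASK32 else total


def copy_records(heap, count, elem_size, payload, sizer):
    """Allocate room for `count` records of `elem_size` bytes (size via `sizer`),
    then copy them in from `payload`, an iterator of byte values."""
    nbytes = sizer(count, elem_size)
    if nbytes is None:
        return "refused: size overflow"
    p = heap.malloc(nbytes)
    try:
        for i in range(count):
            for j in range(elem_size):
                # the per-record index never overflows, so the copy walks past
                # the undersized buffer; the bounds check turns that into a trap
                (p + (i * elem_size + j)).store(next(payload))
    except BoundsError:
        return "trapped: out-of-bounds write"
    return "copied"


def demo():
    # Constructed input: a header claiming 0x40000001 four-byte records. On a
    # 32-bit size_t the product 0x100000004 wraps to 4.
    bad_count, elem = 0x40000001, 4
    payload = itertools.cycle(b"ABCD")
    return {
        "wrapped_size": size_wrapped(bad_count, elem),
        "wrapped": copy_records(Heap(), bad_count, elem, payload, size_wrapped),
        "checked": copy_records(Heap(), bad_count, elem, payload, size_checked),
        "normal": copy_records(Heap(), 3, elem, payload, size_wrapped),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", v)
```

The two defences are complementary, which is the post's point: the size check refuses the allocation before any copy happens, while the bounds metadata still stops the copy if the size check was forgotten, and it does so at the first bad byte rather than after the neighbouring allocation has been overwritten.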
Andy "Krazy" Glew is a computer architect, a long time poster on comp.arch ... and an evangelist of collaboration tools such as wikis, calendars, blogs, etc. Plus an occasional commentator on politics, taxes, and policy. Particularly the politics of multi-ethnic societies such as Quebec, my birthplace. Photo credit: http://docs.google.com/View?id=dcxddbtr_23cg5thdfj
Monday, July 04, 2011
Mitre Top 25 SW bugs
http://cwe.mitre.org/top25/index.html