News Stay informed about the latest enterprise technology news and product updates.

Value of SANS' list of top software errors rests on project managers

Whether the CWE/SANS list of the 25 most dangerous programming errors will contribute to the creation of better software depends on whether managers, rather than developers, read it and take action, according to Jack Danahy, chief technology officer and co-founder of source code vulnerability analysis firm Ounce Labs Inc. I talked with Danahy today about the follow-up and follow-through that could make the list a valuable turning point in development, rather than a partially-remembered checklist.

“It’s one thing to come up with a list of 25 things that developers should consider, but we haven’t arrived at a point where anyone is meaningfully asking or requiring developers to consider these things,” Danahy said.

Project managers should support developers spending time to research these issues, in Danahy’s view. The best-case scenario would be that software development managers -– the program manager, business unit manager, software auditor, etc. -– would use this list in specifications, asking for metrics to make sure that those errors have been looked for and eliminated before the software rolls into production.

“Developers won’t remember this list off the top of their heads, but if it becomes codifed as a requirement they will remember,” Danahy said. “A team could come up with distilled list of 5to 12 key design criteria that would provide the essence of keeping these errors from happening.”

To read more opinions about the CWE/SANS research, check out software development pro Mike Kelly’s post on using the list and’s news report.

What will your organization do with this list? Will it have an impact or be quickly forgotten? Sound off in our comments below or by writing to

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Check out [A href=",289142,sid14_gci1344962,00.html"]this article from[/A] -- New York is trying to legislate more secure code as Danahy suggested.
Hm, intersting rendered of that link. Should take you here:,289142,sid14_gci1344962,00.html