Archive for January, 2009

Top 25 Most Dangerous Programming Errors

Thursday, January 15th, 2009
The SANS Institute has published a list of the top 25 most dangerous programming errors, and reading through the list was pretty much like meeting a bunch of old friends. Such lists may seem self-evident to some, but that doesn’t stop development teams falling into the same traps today that were being fallen into ten, twenty or even thirty years ago.
The first thing that struck me was that the list talks specifically about internet application development. Now, some younger commentators have pointed out that ‘all this was covered in my degree’. However, for anybody who’s been in work for ten years or more, such courses would not have covered preservation of web page structure or cross-site scripting issues, because the internet was so young that it was not an issue. It also got me thinking about the wider issues around coding standards and reviews, and why we are so bad at creating and adhering to standards and performing reviews. In short, development teams are still woefully ineffective at learning from the mistakes of others.
