comp.lang.ada
From: Andreas ZEURCHER <ZUERCHER_Andreas@outlook.com>
Subject: Re: MITRE's top-25 list of 2020 software-bug categories
Date: Tue, 25 Aug 2020 12:43:13 -0700 (PDT)	[thread overview]
Message-ID: <1206a504-4181-48b8-b1ae-3b5f306ae3aen@googlegroups.com> (raw)
In-Reply-To: <rhshae$1lb1$1@gioia.aioe.org>

On Saturday, August 22, 2020 at 8:38:27 PM UTC-5, Luke A. Guest wrote:
> On 22/08/2020 22:30, Jeffrey R. Carter wrote: 
> > On 8/22/20 6:31 PM, Andreas ZEURCHER wrote: 

corrected the missing slash on the right end: 
https://www.bleepingcomputer.com/news/security/mitre-shares-this-years-top-25-most-dangerous-software-bugs/

> > This gives me a "not found" error. 
> >
> Same. 
> 
> Would've been nice if you'd also given the examples and how Ada 
> solved them.

I am not going to write an entire textbook here on c.l.a, but here are the nine of the top twenty-five subcategories that I consider Ada to diligently mitigate or eliminate when properly utilized:
• 2nd-most frequent: CWE-787  Out-of-bounds Write
• 3rd-most frequent: CWE-20  Improper Input Validation
• 4th-most frequent: CWE-125  Out-of-bounds Read
• 5th-most frequent: CWE-119  Improper Restriction of Operations within the Bounds of a Memory Buffer
• 8th-most frequent: CWE-416  Use After Free
• 11th-most frequent: CWE-190  Integer Overflow or Wraparound
• 13th-most frequent: CWE-476  NULL Pointer Dereference
• 17th-most frequent: CWE-94  Improper Control of Generation of Code ('Code Injection')
• 23rd-most frequent: CWE-400  Uncontrolled Resource Consumption

On Monday, August 24, 2020 at 11:55:46 AM UTC-5, nobody in particular wrote:
> On 22/08/2020 21:30, Jeffrey R. Carter wrote: 
> > On 8/22/20 6:31 PM, Andreas ZEURCHER wrote: 
> >> 
> >> https://www.bleepingcomputer.com/news/security/mitre-shares-this-years-top-25-most-dangerous-software-bugs 
> >> 
> > 
> > This gives me a "not found" error.
> That was #26 on the list but they had to cut it off somewhere.

There are 1,248 Common Weakness Enumerations (CWEs) that MITRE lobs against software development (instead of against hardware development), so you can peruse the 26th through 1,248th if you so desire.  Query 699 is the one for looking at the full inventory of subcategories of software defects.  These 1,248 subcategories (and the aforementioned top-25 subcategories) fall into 40 more-macroscopic broader categories.

https://cwe.mitre.org/data/definitions/699.html

I claim that next-gen Ada (AdaNG, pronounced “a dang” as in do we give a dang or not) would use these 1,248 categories as a measuring stick of expressibility of software-engineering correctness, just as HOLWG's Green and Ada used Steelman as a measuring stick of the ability to express software-engineering correctness.
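[Editor's added example, not part of Andreas's post or of any project he names: a small Ada program illustrating the mechanism behind four of the nine CWEs listed above (CWE-787/125/119 out-of-bounds access, CWE-20 input validation, CWE-190 integer overflow, CWE-476 null dereference). All identifiers (Buffer, Port_Number, Write_At, To_Port, Double, Deref, Try) are invented for the illustration. Each bad operation is caught as a Constraint_Error at the point of the fault rather than corrupting memory; the other five CWEs in the list (use-after-free, code injection, resource consumption) need more than the type system and are not shown here.]

```ada
--  Added example (not from the original post): how several of the listed
--  CWEs surface as checked Constraint_Error exceptions in Ada instead of
--  silent memory corruption or wraparound. Build with: gnatmake cwe_demo.adb
with Ada.Text_IO;    use Ada.Text_IO;
with Ada.Exceptions; use Ada.Exceptions;

procedure Cwe_Demo is

   --  CWE-787 / CWE-125 / CWE-119: every array index is checked against the
   --  array's declared bounds; an index outside 1 .. 8 raises Constraint_Error.
   type Buffer is array (1 .. 8) of Character;

   procedure Write_At (B : in out Buffer; I : Integer; C : Character) is
   begin
      B (I) := C;   --  index check inserted by the compiler
   end Write_At;

   --  CWE-20: validation by construction. A Port_Number can never hold a
   --  value outside 0 .. 65535, so the check happens once, at the conversion
   --  from the untrusted wider type, rather than at every later use.
   subtype Port_Number is Integer range 0 .. 65535;

   function To_Port (Raw : Integer) return Port_Number is
   begin
      return Port_Number (Raw);   --  range check here
   end To_Port;

   --  CWE-190: signed integer overflow raises Constraint_Error rather than
   --  wrapping. (Modular types wrap by definition and must be chosen on purpose.)
   function Double (X : Integer) return Integer is
   begin
      return X * 2;   --  overflow check inserted by the compiler
   end Double;

   --  CWE-476: a 'not null' access subtype cannot hold null, so Deref needs
   --  no runtime null test of its own; passing a null value into it fails
   --  the subtype check at the call instead of faulting inside the callee.
   type Int_Ptr is access all Integer;
   subtype Safe_Int_Ptr is not null Int_Ptr;

   function Deref (P : Safe_Int_Ptr) return Integer is
   begin
      return P.all;
   end Deref;

   --  Runs one action and reports whether a language check fired.
   procedure Try (Label : String; Action : not null access procedure) is
   begin
      Action.all;
      Put_Line (Label & ": no exception");
   exception
      when E : Constraint_Error =>
         Put_Line (Label & ": Constraint_Error (" & Exception_Message (E) & ")");
   end Try;

   Buf        : Buffer  := (others => ' ');
   Maybe_Null : Int_Ptr := null;   --  constructed "untrusted" pointer value

   procedure Oob_Write  is begin Write_At (Buf, 9, 'X'); end Oob_Write;
   procedure Bad_Port   is begin Put_Line (Integer'Image (To_Port (70000))); end Bad_Port;
   procedure Overflow   is begin Put_Line (Integer'Image (Double (Integer'Last))); end Overflow;
   procedure Null_Deref is begin Put_Line (Integer'Image (Deref (Maybe_Null))); end Null_Deref;

begin
   Try ("out-of-bounds write (CWE-787)",  Oob_Write'Access);
   Try ("port 70000 (CWE-20)",            Bad_Port'Access);
   Try ("Integer'Last * 2 (CWE-190)",     Overflow'Access);
   Try ("null pointer dereference (CWE-476)", Null_Deref'Access);
end Cwe_Demo;
```

Each of the four Try calls prints a Constraint_Error line. The practitioner's caveat is the same one Andreas's "when properly utilized" carries: these checks are part of the language semantics but can be suppressed (pragma Suppress, or the compiler's equivalent switch), and a program that catches Constraint_Error and carries on has converted a memory-safety bug into a logic bug, not eliminated it.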


Thread overview: 9+ messages
2020-08-22 16:31 MITRE's top-25 list of 2020 software-bug categories Andreas ZEURCHER
2020-08-22 21:30 ` Jeffrey R. Carter
2020-08-23  1:36   ` Luke A. Guest
2020-08-23  1:38     ` Luke A. Guest
2020-08-23  6:25       ` darkestkhan
2020-08-25 19:43     ` Andreas ZEURCHER [this message]
2020-08-23 14:43   ` Florian Weimer
2020-08-24 16:55   ` nobody in particular
2020-08-25 19:09 ` Shark8
