Newsgroups: comp.lang.ada
Date: Tue, 25 Aug 2020 12:43:13 -0700 (PDT)
From: Andreas ZEURCHER
Subject: Re: MITRE's top-25 list of 2020 software-bug categories
Message-ID: <1206a504-4181-48b8-b1ae-3b5f306ae3aen@googlegroups.com>
References: <268eed24-fa23-4cf0-82f1-6f344885858dn@googlegroups.com>

On Saturday, August 22, 2020 at 8:38:27 PM UTC-5, Luke A. Guest wrote:
> On 22/08/2020 22:30, Jeffrey R. Carter wrote:
> > On 8/22/20 6:31 PM, Andreas ZEURCHER wrote:

corrected the missing slash on the right end:
https://www.bleepingcomputer.com/news/security/mitre-shares-this-years-top-25-most-dangerous-software-bugs/

> > This gives me a "not found" error.
> >
> Same.
>
> Would've been nice if you'd have also given the examples and how Ada
> solved them.

I am not going to write an entire textbook here on c.l.a, but here are the nine of the top twenty-five subcategories that I consider Ada to be diligently trying to mitigate or eliminate when properly utilized:

• 2nd-most frequent: CWE-787 Out-of-bounds Write
• 3rd-most frequent: CWE-20 Improper Input Validation
• 4th-most frequent: CWE-125 Out-of-bounds Read
• 5th-most frequent: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
• 8th-most frequent: CWE-416 Use After Free
• 11th-most frequent: CWE-190 Integer Overflow or Wraparound
• 13th-most frequent: CWE-476 NULL Pointer Dereference
• 17th-most frequent: CWE-94 Improper Control of Generation of Code ('Code Injection')
• 23rd-most frequent: CWE-400 Uncontrolled Resource Consumption

On Monday, August 24, 2020 at 11:55:46 AM UTC-5, nobody in particular wrote:
> On 22/08/2020 21:30, Jeffrey R. Carter wrote:
> > On 8/22/20 6:31 PM, Andreas ZEURCHER wrote:
> >>
> >> https://www.bleepingcomputer.com/news/security/mitre-shares-this-years-top-25-most-dangerous-software-bugs
> >>
> >
> > This gives me a "not found" error.
> That was #26 on the list but they had to cut it off somewhere.

There are 1,248 Common Weakness Enumerations (CWEs) that MITRE lobs against software development (instead of against hardware development), so you can peruse the 26th through 1,248th if you so desire. Query 699 is the one for looking at the full inventory of subcategories of software defects. These 1,248 subcategories (and the aforementioned top-25 subcategories) fall into 40 more-macroscopic broader categories.

https://cwe.mitre.org/data/definitions/699.html

I claim that next-gen Ada (AdaNG, pronounced "a dang" as in do we give a dang or not) would use these 1,248 categories as a measuring stick of expressibility of software-engineering correctness, just as HOLWG's Green and Ada used Steelman as a measuring stick of the ability to express software-engineering correctness.
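As an added illustration (not part of the post above, nor of any Ada project), the following program shows how three of the listed CWEs are caught by Ada's type system and run-time checks: a constrained index type for CWE-787/125/119, a range-limited integer type for CWE-190, and a null-excluding access parameter for CWE-476. The procedure name Cwe_Checks, the type names and the "untrusted" input values are constructed for the example.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Cwe_Checks is
   --  CWE-787 / CWE-125 / CWE-119: the index type is constrained, so every
   --  access to Buf is checked against 1 .. 8 (or proven in range statically).
   type Index is range 1 .. 8;
   type Buffer is array (Index) of Natural;
   Buf : Buffer := (others => 0);

   --  CWE-190: a range-limited integer type cannot silently wrap around.
   type Counter is range 0 .. 255;

   --  CWE-476: a null-excluding parameter cannot be called with null.
   type Node;
   type Node_Ptr is access Node;
   type Node is record
      Value : Natural;
      Next  : Node_Ptr;
   end record;

   procedure Visit (N : not null Node_Ptr) is
   begin
      Put_Line ("value =" & Natural'Image (N.Value));
   end Visit;

   --  Constructed "untrusted" inputs standing in for unvalidated data.
   Untrusted_Index : Integer  := 9;    -- one past Buffer'Last
   Untrusted_Count : Counter  := 250;
   Head            : Node_Ptr := null; -- never allocated
begin
   begin
      Buf (Index (Untrusted_Index)) := 42;      -- CWE-787: write blocked
   exception
      when Constraint_Error => Put_Line ("CWE-787: out-of-bounds write rejected");
   end;

   begin
      Untrusted_Count := Untrusted_Count + 10;  -- CWE-190: 260 > Counter'Last
   exception
      when Constraint_Error => Put_Line ("CWE-190: overflow rejected");
   end;

   begin
      Visit (Head);                             -- CWE-476: null rejected
   exception
      when Constraint_Error => Put_Line ("CWE-476: null dereference rejected");
   end;
end Cwe_Checks;
```

Each faulty operation raises Constraint_Error before any memory is touched, which is the behaviour the post credits Ada with for these CWE entries; CWE-416 and CWE-400 need storage-pool and tasking discipline beyond what a single snippet shows.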