Wednesday, February 17, 2010

Top 25 Programming Errors

The new list of top 25 programming errors was released. Mostly online application issues now. Cross-Site Scripting and OS Command Injection are the ones I always think of at the network/web level. Then there's all the buffer overflow/range checking, which is common in all forms of code. There are many other ones I have less of an opinion on. There are two I think are worth noting:


22 Allocation of Resources Without Limits or Throttling


That's lame. But it does open up the risk of (D)DoS attacks very easily. I think DDoS on the network level can typically be handled by network operators.


25 Race Condition


That's a big one. Right now there is not a single programmer out there who can write multithreaded code without ANY risk of a race condition. The only answer is to alter the architecture of the way programming languages are structured and interface with processors.
