2020 CWE Top 25 I mean 10 or maybe 4.5

A few days ago I ran across this report from MITRE. It’s titled “2020 CWE Top 25 Most Dangerous Software Weaknesses”. I found the report lacking the sort of details I was hoping for, so I’m going rogue and adding those details myself because it’s a topic I care about and I like seeing conclusions.Continue reading “2020 CWE Top 25 I mean 10 or maybe 4.5”

Part 5: Which of these security problems do I need to care about?

If you just showed up here, go back and start at the intro post, you’ll want the missing context before reading this article. Or not, I mean, whatever. I’ve spent the last few posts going over the challenges of security scanners. I think the most important takeaway is we need to temper our expectations. EvenContinue reading “Part 5: Which of these security problems do I need to care about?”