2020 CWE Top 25 I mean 10 or maybe 4.5

A few days ago I ran across this report from MITRE. It’s titled “2020 CWE Top 25 Most Dangerous Software Weaknesses”. I found the report lacking the sort of details I was hoping for, so I’m going rogue and adding those details myself because it’s a topic I care about and I like seeing conclusions.Continue reading “2020 CWE Top 25 I mean 10 or maybe 4.5”

Part 5: Which of these security problems do I need to care about?

If you just showed up here, go back and start at the intro post, you’ll want the missing context before reading this article. Or not, I mean, whatever. I’ve spent the last few posts going over the challenges of security scanners. I think the most important takeaway is we need to temper our expectations. EvenContinue reading “Part 5: Which of these security problems do I need to care about?”

Part 1: Is your security scanner running? You better go catch it!

This post is the first part in a series on automated security scanners. I explain some of the ideas and goals in the intro post, rather than rehashing that post as filler, just go read it, rehashing content isn’t exciting. There are different kinds of security scanners, but the problem with all of them isContinue reading “Part 1: Is your security scanner running? You better go catch it!”