The U.S. Department of Homeland Security (DHS) wants to help make applications less susceptible to attacks. To that end, it is releasing new application security guidance that includes an updated list of the 25 top programming errors compiled by the SANS Institute and Mitre. It will also include tools for eliminating those errors.
“This is the only way to get around ‘zero days,'” said Alan Paller, head of research at SANS. “The only possible defense is to stop the error from being in the software in the first place.”