But no matter how good it is, a list won't solve this problem.
Yes, it's a fine list. It includes all our old favorites: , unchecked input, random numbers that aren't really random, failure to block and . (You can find the complete list at .)
Trouble is, we've seen . Security groups have been issuing them for decades -- and nothing much has changed.
SANS and Mitre say this one is better, because this time they tapped dozens of other organizations to help compile the top 25 programming problems. Surely that will convince programmers to see the error of their ways and start coding securely, won't it?
No, it won't. Programmers who care about security don't need this new list. They already know about these problems and work to avoid them.