DHS releases software security scoring system

28.06.2011

"The DHS/Mitre announcement ... is just that -- an updated, authoritative list of the key flaws plus a measuring system that lets organizations score their software for security," Paller said. "The bottom line is that buyers and builders of software and services will be able to ask for assurance that the critical flaws have been eliminated, and be able to verify that."

The updated Top 25 list of most dangerous programming errors that the scoring system is based on includes many of the same security issues from last year's list. The one key difference is that SQL Injection errors top the list for 2011, compared with last year, when they were the second most dangerous error.

Operating System Command injection errors, which allow attackers to issue OS commands through a Web application interface, were listed as the second most dangerous software programming error in this year's list. Rounding out the top five threats were buffer overflow errors, cross-site scripting flaws and missing authentication for critical functions.

The list of errors released on Monday was accompanied by suggestions and guidance on how software developers can mitigate the chances of such flaws showing up in their products.
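As an added illustration of the first-ranked flaw and its mitigation (this example is written for this page and is not part of the article or of the DHS/MITRE material), the same lookup is shown twice against a small constructed SQLite table: once with the user-supplied name spliced into the query text, once with it bound as a parameter.

```python
import sqlite3

# Constructed sample data; not taken from the article.
USERS = [("alice", "alice-secret"), ("bob", "bob-secret"), ("carol", "carol-secret")]


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database with a small, constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """SQL injection pattern: the input is spliced into the SQL text, so a quote
    character in `name` closes the string literal and changes the query's logic."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Mitigation: bind the value as a query parameter. The driver passes it as
    data, so it can only ever match a literal name and never alter the query."""
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo() -> dict:
    """Run both lookups with an ordinary name and with a constructed input that
    carries a stray quote, and return what each variant yields."""
    conn = make_db()
    honest = "alice"
    hostile = "x' OR '1'='1"  # constructed: the quote closes the literal early
    return {
        "vuln_honest": lookup_vulnerable(conn, honest),
        "vuln_hostile": lookup_vulnerable(conn, hostile),  # matches every row
        "safe_honest": lookup_parameterized(conn, honest),
        "safe_hostile": lookup_parameterized(conn, hostile),  # matches nothing
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The vulnerable variant returns every user for the hostile input because the condition degenerates to `... OR '1'='1'`, while the parameterized variant treats the whole string as one name and finds no match.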

"[These] kinds of list are good ways to focus attention on the biggest vulnerability areas," said John Pescatore, an analyst with Gartner. "Things like the Common Vulnerability Scoring Standard have been around for a while providing a common framework for describing vulnerabilities and tailoring severity levels to your own environment."