Skip to content
This repository has been archived by the owner on Jul 25, 2023. It is now read-only.

At least one of the project's primary developers MUST know of common kinds of errors that lead to vulnerabilities in this kind of software, as well as at least one method to counter or mitigate each of them. #462

Open
v0lkan opened this issue Jul 5, 2023 · 0 comments
Open

At least one of the project's primary developers MUST know of common kinds of errors that lead to vulnerabilities in this kind of software, as well as at least one method to counter or mitigate each of them. #462

v0lkan opened this issue Jul 5, 2023 · 0 comments
Labels
openssf

Comments

@v0lkan
Copy link
Contributor

v0lkan commented Jul 5, 2023

Examples (depending on the type of software) include SQL injection, OS injection, classic buffer overflow, cross-site scripting, missing authentication, and missing authorization. See the CWE/SANS top 25 or OWASP Top 10 for commonly used lists. Many books and courses are available to help you understand how to develop more secure software and discuss common implementation errors that lead to vulnerabilities. For example, the Secure Software Development Fundamentals course is a free set of three courses that explain how to develop more secure software (it's free if you audit it; for an extra fee you can earn a certificate to prove you learned the material).
@v0lkan v0lkan added this to Aegis Jul 4, 2023
@v0lkan v0lkan converted this from a draft issue Jul 5, 2023
@v0lkan v0lkan added the openssf label Jul 5, 2023
@v0lkan v0lkan removed this from Aegis Jul 5, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
openssf
Projects
Aegis Open SSF Compliance
Status: No status
Milestone
No milestone
Development

No branches or pull requests
1 participant
@v0lkan