16 Feb 2010: Red Hat's Top 11 Most Serious Flaw Types for 2009
Feb 17, 2010, 23:33
(Other stories by Mark Cox)
"The 2010 CWE/SANS Top 25 Most Dangerous Programming Errors was
published today listing the most widespread issues that lead to
"During the creation and review of the list we spent some time
to see how closely last year's list matched the types of flaws we
deal with at Red Hat. We first looked at all the issues that Red
Hat fixed across our entire product portfolio in the 2009 calendar
year and filtered out those that had the highest severity. All our
2009 vulnerabilities have CVSS scores, so we filtered on those that
have a CVSS base score of 7.0 or above.
"There were 22 vulnerabilities that matched, and we mapped each
one to the most appropriate CWE. This gives us 11 flaw types which
led to the most severe flaws affecting Red Hat in 2009:"