It's always worth taking note of anything from the SANS institute so it was interesting to see their latest announcement.
They've gathered consensus from experts in over 30 computer security organisations to release the list of the 25 most dangerous programming errors. These are the errors that lead to security bugs and that enable cyber espionage and cyber crime.
It's a bit of a shock, but most of these errors are not well understood by programmers. They're often not taught by computing courses and they are not tested for by organisations developing software for sale.
This is serious stuff. Just two of the errors led to more than 1.5 million web site security breaches during 2008. These sites were often compromised and in turn compromised the computers of people who visited those sites turning them into zombies for botnets.
Well - we're most likely talking Windows computers for the zombies, but any platform can be compromised by SQL injection attacks.
Scary stuff.
That list in full from SANS...