The Scariest Most Dangerous Software Weaknesses That Will Haunt Your Dreams

Cheryl Abram
Aug 27, 2022

The 2020 Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Weaknesses (CWE Top 25) is a demonstrative list of the most common and impactful software (and hardware) vulnerabilities experienced over the previous two calendar years.

It’s a very interesting website, so if you haven’t seen it, get over there!!

As weaknesses, these are VERY dangerous because they are often easy to find and exploit, and can allow adversaries to completely take over a system, steal data, or prevent an application from working. The CWE Top 25 is a valuable community resource that can give developers, testers, and users, as well as project managers, security researchers, and educators, insight into the most severe and current security vulnerabilities that we proclaim to be inherent weaknesses.

We typically respond to these “weaknesses” as frightening situations that can either be hardened or used in a criminal attack…it just depends on who finds them first!

As the decision-maker in a command and control structure, I have around 4 risk decisions to make about these known vulnerabilities:

Avoid

Transfer

Mitigate

Accept

However, since vulnerabilities are not inherently weaknesses (as we’ve already established), there are other decisions I can make about these known AND the yet-to-be-discovered vulnerabilities (aka “Zero Day” vulnerabilities).

The 25 vulnerabilities listed here don’t have to be as scary as we make them out to be. However, our response is typically active defense (see resource below), hardening aspects of the information system, or transferring or accepting the risk.

The problem is that being on constant defense is exhausting, unsustainable and unrealistic.

https://shield.mitre.org/attack_mapping/TA0011/

There is another practical and easily accessible way to respond.

Stay tuned!!!

Visit these links for more info.

Reference: https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html
