A group of about 40 security experts published a list of the 25 top development mistakes that lead to serious security problems that affect millions of systems.
The participating organizations hope that the list will lead to safer software products.
Among the top 25 offenders are common problems such as insufficient user-supplied input validation, SQL injection, and cross-site scripting.
If you write code or contract developers to write code for you then be sure to have a look at the list. Also, have a look at Application Security Procurement Language written by Will Pelgrin, who is CSO for the state of New York, and Jim Routh, CISO at Depository Trust and Clearing Corporation. The document can serve as a good model for contract language when procuring software.
