
Most Dangerous Software Errors - MrXOR
https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html
======
WalterBright
[1], [5], and [12] are array bounds overflows, and sum up to a score of
113.17.

In contrast, [14] Null Pointer Dereference only has a score of 9.74.

This is why I disagree that null pointers were the billion dollar mistake -
buffer overflows are.

C's Biggest Mistake:
[https://www.digitalmars.com/articles/b44.html](https://www.digitalmars.com/articles/b44.html)

~~~
tgv
The billion dollar mistake refers to Hoare's statement, not the fact that it
might have been a more or less costly error. And errors in terms of security
are not all that matter: a simple crash can cost money too.

[https://en.wikipedia.org/wiki/Tony_Hoare#Apologies_and_retractions](https://en.wikipedia.org/wiki/Tony_Hoare#Apologies_and_retractions)

------
blowski
I find the OWASP cheatsheets to be a good start at identifying, understanding
and fixing issues like these.

[https://cheatsheetseries.owasp.org/cheatsheets/IndexASVS.html](https://cheatsheetseries.owasp.org/cheatsheets/IndexASVS.html)

------
tinus_hn
Number 6 will surprise you!

------
iptel
Dealing with the general public is hard.