Security Enumerations

The September/October 2009 issue of Crosstalk has an article by Robert A. Martin, entitled "Making Security Measurable and Manageable", which includes a list of security enumerations. The security enumerations are:

  • CVE
  • Common Weakness Enumeration (CWE)
  • Common Attack Pattern Enumeration and Classification (CAPEC)
  • Common Configuration Enumeration (CCE)
  • Common Platform Enumeration (CPE)
  • The SANS Institute Top 20 Security Risks
  • Open Web Application Security Project’s Top 10
  • Web Application Security Consortium’s Threat
  • CWE/SANS Top 25 Most Dangerous Programming Errors


SD Times NASA’s 10 rules for developing safety-critical code

SD Times had an article in the February 2015 edition entitled "NASA’s 10 rules for developing safety-critical code". It seemed familiar, but I thought I would do a blog post. First thing I did was look up the original paper – which was published back in 2006. It seemed even more familiar. Reason why – see my post from 2011 – "The Power of Ten – Rules for Developing Safety Critical Code".