"Computer security experts have warned for years that the endless cycle of software flaws and exploits will only be broken when we create incentives for software authors and publishers to get it right. On January 12 (2009), the industry took a potentially important step toward that goal when a broad coalition of companies, government agencies, academics, and advocacy groups launched a program to assure that software is free of 25 common errors that lead to the bulk of security problems." The program was developed jointly by the SANS Institute and MITRE, with backing from the National Security Agency's (NSA's) Information Assurance Directorate (IAD) and the Department of Homeland Security (DHS), the article said.
In SANS Institute's press release of January 12, NSA's Tony Sager commented on the program's significance: "The publication of a list of programming errors that enable cyber espionage and cyber crime is an important first step in managing the vulnerability of our networks and technology. There needs to be a move away from reacting to thousands of individual vulnerabilities, and to focus instead on a relatively small number of software flaws that allow vulnerabilities to occur, each with a general root cause. Such a list allows the targeting of improvements in software development practices, tools, and requirements to manage these problems earlier in the life cycle, where they can be solved on a large scale and cost-effectively."