The Department of Homeland Security, in conjunction with the SANS Institute and Mitre, has published a list of this year's top 25 security vulnerabilities, and released new tools for measuring software security risks.
The 2011 CWE/SANS Top 25 Most Dangerous Software Errors covers the most prevalent and easily exploitable vulnerabilities, and was complied by security professionals in industry, academia and government.
The list includes advice for spotting and working around the vulnerabilities for specific sectors, such as e-commerce and industry, and provides pointers for developers on the mistakes to avoid.
"SQL injection delivers the knockout punch of security weaknesses in 2011. For data-rich software applications, SQL injection is the means to steal the keys to the kingdom," said the SANS Institute.
"OS command injection is where the application interacts with the operating system. The classic buffer overflow comes in third, still pernicious after all these decades."
"Cross-site scripting is the bane of web applications everywhere. Rounding out the top five is missing authentication for critical functionality."
The organisations also released two new tools designed to simplify the spotting and fixing of vulnerabilities.
The Common Weakness Risk Analysis Framework provides a system for companies in different sectors to test their applications to find the most dangerous vulnerabilities likely to occur.
The Common Weakness Scoring System, meanwhile, allows developers and IT managers to prioritise the most important vulnerabilities within their operating system, applications and third-party code, and adjust patching and workflow schedules accordingly.
British Airways blames 'global systems outage' for IT meltdown
Mark Zuckerberg mercilessly trolled by Harvard student newspaper after return to university he dropped out of 12 years ago
'Unauthorised user' blamed by Harvard for insulting Mark Zoinkerberg
Android under attack from 'Judy', Google Play Store malware that has infected up to 36.5 million users
Yet more Android malware discovered on the Google Play Store
Airport believes new system will be more reliable than GPS or Google Maps