The Department of Homeland Security, in conjunction with the SANS Institute and Mitre, has published a list of this year's top 25 security vulnerabilities, and released new tools for measuring software security risks.
The 2011 CWE/SANS Top 25 Most Dangerous Software Errors covers the most prevalent and easily exploitable vulnerabilities, and was complied by security professionals in industry, academia and government.
The list includes advice for spotting and working around the vulnerabilities for specific sectors, such as e-commerce and industry, and provides pointers for developers on the mistakes to avoid.
"SQL injection delivers the knockout punch of security weaknesses in 2011. For data-rich software applications, SQL injection is the means to steal the keys to the kingdom," said the SANS Institute.
"OS command injection is where the application interacts with the operating system. The classic buffer overflow comes in third, still pernicious after all these decades."
"Cross-site scripting is the bane of web applications everywhere. Rounding out the top five is missing authentication for critical functionality."
The organisations also released two new tools designed to simplify the spotting and fixing of vulnerabilities.
The Common Weakness Risk Analysis Framework provides a system for companies in different sectors to test their applications to find the most dangerous vulnerabilities likely to occur.
The Common Weakness Scoring System, meanwhile, allows developers and IT managers to prioritise the most important vulnerabilities within their operating system, applications and third-party code, and adjust patching and workflow schedules accordingly.
Latest Tesla news: Tesla stock price tanks amid reports of 'widening probe' by SEC and claims the base Model 3 loses money
SEC 'probe' takes its toll on Tesla as new research suggests that Tesla loses $6,000 on every $35,000 Model 3
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC
'Notorious' Australian child hacker thought he had executed 'flawless' hack
The former employee says that Tesla fired him for bringing the accusations to management internally