"Most of the vulnerabilities that hackers exploit to attack Web sites and corporate servers are usually the result of common and well-understood programming errors.

A list of 25 of the most serious such coding errors is scheduled to be released later today by a group of 30 high-profile organizations, including Microsoft, Symantec, the U.S. Department of Homeland Security (DHS) and the National Security Agency's Information Assurance Division. The initiative was coordinated by the SANS Institute and The MITRE Corp., a federally funded research-and-development center.

The unusual announcement is designed to focus attention on insecure software-development practices and ways to avoid those practices, SANS officials said in a statement. The goal in releasing the list is to give software buyers, developers and training programs a tool they can use to identify programming errors known to pose serious security risks, they said." - ComputerWorld

Sans Top 25 List: http://www.sans.org/top25errors/
http://cwe.mitre.org/top25/pdf/2009_cwe_sans_top_25.pdf (PDF)
Computerworld Article: http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9125678&intsrc=news_ts_head