Office of the Chief Information Security Officer

September 24, 2019

Top 25 Software Weaknesses

The MITRE Corporation, aka “MITRE,” published its annual list of the 25 Most Dangerous Software Errors last week on 9/17. MITRE also manages the ATT&CK framework, an open-source knowledge base of tactics and techniques used by cybercriminals and other adversaries in cyberattacks.

Top 25 list:
2019 CWE Top 25 Most Dangerous Software Errors

Write-up by Dark Reading:
MITRE Releases 2019 List of Top 25 Software Weaknesses

MITRE ATT&CK Framework:


The Office of the CISO teaches hands-on secure coding workshops for web developers, which include understanding and mitigating some of the attacks included in the MITRE list above. If you or your team is interested, please contact Pete Graff at