A Place at the Periodic Table

February 24, 2010

According to an article at the PhysOrg.com Web site, the International Union of Pure and Applied Chemistry [IUPAC] has announced that element 112 in the periodic table will officially be named Copernicium, in honor of the astronomer Nicolaus Copernicus, who formulated a heliocentric theory of the cosmos, most notably in his book De Revolutionibus Orbium Coelestium (On the Revolutions of the Heavenly Spheres).  The new element’s symbol will be Cn; its weight is 277 times that of hydrogen, making it the heaviest element officially recognized and named by the IUPAC.  It joins a collection of heavy elements named after scientific pioneers, including Einsteinium (Es), Fermium (Fm), Mendelevium (Md), and Bohrium (Bh).

The new element was first produced in February, 1996, by a team at the GSI Helmholtzzentrum für Schwerionenforschung in Germany.

Top 25 Most Dangerous Bugs for 2010

February 24, 2010

This year’s list of the 25 Most Dangerous Programming Errors has been published by the CWE project, which is a cooperative venture between the MITRE Corp., the SANS Institute, and numerous software security experts in the US and Europe.

The 2010 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.

It is based, in part, on the Common Weakness Enumeration data, maintained by MITRE in conjunction with the US Department of Homeland Security, and on the SANS list of Top 20 Attack Vectors.  The error list is meant to help educate developers, managers, and software customers about the kinds of too-common errors that cause so many security flaws in software.  The list contains detailed discussion of the errors, along with information about the circumstances and environments in which they are most common, and advice on mitigating their impact.

Reading through the list can be a sobering experience.  The venerable buffer overflow bug is still in the number 3 position (although it is down from number 1 last year), which is a bit depressing since it was a buffer overflow vulnerability that was exploited by the very first Internet worm (the Morris worm) back in the late 1980s.  The number 1 and 2 positions this year are occupied by two other old favorites: cross-site scripting, and SQL injection.  It has been said that the invention of writing and the printing press allowed knowledge to be captured and passed along to future generations.  Software development managers know that this theory is sometimes less than totally apparent in practice.
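The two errors at the top of this year’s list, SQL injection and cross-site scripting, are easy to show side by side with their fixes. The example below is added here and is not part of the original post or of the CWE/SANS list; the user table, its three rows, and the function names are constructed for the demonstration. The SQL half builds a query by string concatenation and then by a bound parameter; the HTML half writes a name into a page with and without output encoding.

```python
import html
import sqlite3


def _demo_db() -> sqlite3.Connection:
    """Build an in-memory table with constructed sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """CWE-89 pattern: untrusted input is spliced into the SQL text itself,
    so a quote character in the input changes the meaning of the query."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Fix: the value travels as a bound parameter and is never parsed as SQL,
    so the same input simply fails to match any row."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def render_vulnerable(name: str) -> str:
    """CWE-79 pattern: untrusted input written straight into an HTML page,
    so any markup in the input becomes part of the page."""
    return "<p>Hello, " + name + "</p>"


def render_escaped(name: str) -> str:
    """Fix: encode the value for the HTML text context it lands in."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


def compare(name: str) -> dict:
    """Run one input through the weak and the fixed version of each path."""
    conn = _demo_db()
    try:
        return {
            "sql_vulnerable": lookup_vulnerable(conn, name),
            "sql_fixed": lookup_parameterized(conn, name),
            "html_vulnerable": render_vulnerable(name),
            "html_fixed": render_escaped(name),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    for probe in ("bob", "' OR '1'='1", "<i>bob</i>"):
        print(repr(probe), compare(probe))
```

With the ordinary input `bob` both lookups agree; with the textbook input `' OR '1'='1` the concatenated query returns every row while the parameterized one returns none, and the HTML input `<i>bob</i>` comes out as literal text only from the escaping version. The same two rules, keep data out of the code channel and encode for the output context, are the core of the mitigations the list recommends for these entries.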

Still, it is a hopeful sign, I think, that this kind of information is being collected and published.  If software is to become a real engineering discipline, a body of knowledge about what works and what doesn’t is essential.  The plural of “anecdote” is not “data”.
