The SANS Institute has published a list of top 25 programming errors based on consensus from industry, government and academic experts. The announcement with the lists starts with a chilling opening:

Today in Washington, DC, experts from more than 30 US and international cyber security organizations jointly released the consensus list of the 25 most dangerous programming errors that lead to security bugs and that enable cyber espionage and cyber crime. Shockingly, most of these errors are not well understood by programmers; their avoidance is not widely taught by computer science programs; and their presence is frequently not tested by organizations developing software for sale.

The impact of these errors is far reaching. Just two of them led to more than 1.5 million web site security breaches during 2008 - and those breaches cascaded onto the computers of people who visited those web sites, turning their computers into zombies.

Kent Landfield, Director, Risk and Compliance Security Research, McAfee says the list:

" ... is right on target. By educating software developers on the most important issues and showing them how to avoid writing security bugs, this effort will help programmers correct code issues before they become security problems."

An ounce of prevention.