Top 25 Most Dangerous Programming Errors and Why the List Doesn’t Work

CWE/SANS have released a list of what they are calling the 25 most dangerous programming errors and Jeff Atwood of Coding Horror gives a great overview of each error.

However security consultant and author Gary McGraw gives a number of reasons why such lists don’t work (via Schneier), and I must admit that a lot of his concerns are quite valid.

As McGraw states, lists of programming errors do have their merits but are almost always based on subjective experience, meaning they can be quite irrelevant for many software developers. Of more use may be taxonomies of coding errors, specifically the Seven Pernicious Kingdoms (seven kingdoms plus Environment as an eighth):

  1. Input Validation and Representation
  2. API Abuse
  3. Security Features
  4. Time and State
  5. Error Handling
  6. Code Quality
  7. Encapsulation
  8. Environment
