SCADA Cyber Security Problems - Just How Common are the Programming Errors?
The discovery of SCADA-security issues by Luigi Auriemma and Siemens PLC weaknesses by NSSLabs this year is interesting from a software-engineering point of view. Having been active in the development of industrial controllers, embedded devices, PLCs and machines, I have experienced the other end of the cyber security problem - not how vulnerabilities must be stopped, but the ease with how they are created.
Auriemma has tried to find the source of the SCADA leaks by disassembling the code and finding the root cause of all 34 leaks. It is interesting to read that the “Buffer Overflow” error is one of the most common. It is so common that it is listed as #3 in the “Mitre TOP-25 most dangerous programming errors” list (No. 1 and 2 are website programming errors).
Read the entire article by Rob Hulsebos on the Practical SCADA Security blog http://www.tofinosecurity.com/blog/scada-cyber-security-problems-%E2%80%93-just-how-common-are-programming-errors