The 2010 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.
The Top 25 list is a tool for education and awareness to help programmers to prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped. Software customers can use the same list to help them to ask for more secure software. The list is the result of collaboration between the SANS Institute, MITRE, and many top software security experts in the US and Europe.
Cross-site Scripting, ‘SQL Injection and Classic Buffer Overflow are still on the top of the list.
Image source: http://www.stevenbrown.ca/blog/archives/225