Your company sells toys online and ships globally. Most developers of the development team for the online E-Commerce system are experienced ones. To prevent developers from writing code that is subject to SQL injection attacks,  which of the following is the least effective?
A. Common Weakness Enumeration (CWE)
B. Common Vulnerabilities and Exposures (CVE)
C. Training
D. OWASP Top 10

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Common Vulnerabilities and Exposures (CVE).

The Common Vulnerabilities and Exposures (CVE) is a dictionary that provides definitions for publicly disclosed cybersecurity vulnerabilities and exposures. A CVE entry is product specific.

Common Weakness Enumeration (CWE) is a list of common software and hardware weakness types.

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

To Err Is Human. Training promotes security awareness and skills to reduce attack surface.

References

• CWE-89: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)Unsafe Mobile Code
• CVE Details
• MITRE CVE
• OWASP Top 10
• CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability
• NVD Vulnerability Severity Ratings

您的公司在線銷售玩具並在全球範圍內發貨。 在線電子商務系統開發團隊的大多數開發人員都是經驗豐富的開發人員。 為了防止開發人員編寫遭受SQL注入攻擊的代碼，以下哪一項效果最差？
A. Common Weakness Enumeration (CWE)
B. Common Vulnerabilities and Exposures (CVE)
C. Training
D. OWASP Top 10