SDL and the CWE/SANS Top 25

Presented at Security Development Conference 2012 by

Many organizations pursue security development practices that mitigate vulnerabilities identified on a "most common" or most severe list. One of the most popular of these lists is the CWE/SANS Top 25 Most Dangerous Software Errors. This session will take a detailed walk through the 2011 CWE/SANS Top 25 vulnerabilities and demonstrate all applicable SDL requirements and recommendations. It will also discuss which of the related mitigations correctly address the weakness and explore extra defensive techniques and technologies. The session will also review where additional SDL practices can fill in vulnerability gaps not covered in the will also explain some of the gaps in the CWE Top 25 list.