Monday, November 28, 2005

SANS Top 20 Vulnerabilities

Every year, the SANS Institute releases a Top 20 Internet Security Vulnerabilities list. The list began as a Top 10 list in June of 2000 and grew to 20 entries the following year. Each successive list was released with 20 vulnerabilities, 10 covering Windows and 10 covering Unix.

This year, SANS changed how the list is presented. Windows and Unix vulnerabilities are still represented, but two additional categories of vulnerabilities have been added.

SANS chose to list applications and network devices as "areas" in the Top 20 advisory. At first glance, this seems to produce a broader advisory list with less content.

The broadness is slightly misleading: if you drill down on each vulnerability point, the list includes several advisories that make the case for that specific point being in the Top 20.

This format provides an executive summary (the original 20 vulnerability points) for managers, and the more technical details (the actual advisories and recommendations) for the technical side of IT.

The Top 20 Vulnerabilities list did get off to a rocky start, as Richard Bejtlich pointed out, but it quickly recovered after some confused wording was fixed. In my eyes, this shows the professional level at which SANS operates, being able to fix mistakes quickly for the betterment of the information security community.