SANS Top 20 Vulnerabilities - The Experts Consensus

    Is your company as secure as you think? It may be time for a meeting with your CIO and MIS Department to review the latest listing of Internet security vulnerabilities:

    "Four years ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. Thousands of organizations used that list, and the expanded Top-20 lists that followed one, two, and three years later, to prioritize their efforts so they could close the most dangerous holes first. The vulnerable services that led to worms like Blaster, Slammer, and Code Red have been on these lists.

    This SANS Top-20 2005 is a marked deviation from the previous Top-20 lists. In addition to Windows and UNIX categories, we have also included Cross-Platform Applications and Networking Products. The change reflects the dynamic nature of the evolving threat landscape and the vulnerabilities that attackers target. Unlike the previous Top-20 lists, this list is not "cumulative" in nature. We have only listed critical vulnerabilities from the past year and a half or so. If you have not patched your systems for a length of time, it is highly recommended that you first patch the vulnerabilities listed in the Top-20 2004 list.

    We have made a best effort to make this list meaningful for most organizations. Hence, the Top-20 2005 is a consensus list of vulnerabilities that require immediate remediation. It is the result of a process that brought together dozens of leading security experts. They come from the most security-conscious government agencies in the UK, US, and Singapore; the leading security software vendors and consulting firms; the top university-based security programs; many other user organizations; and the SANS Institute. A list of participants may be found at the end of this document."

    Link: SANS Top 20 Vulnerabilities - The Experts Consensus.
