SANS Top20 Vulnerabilities List is out
by Anton Chuvakin
Related link: http://www.sans.org/top20
Just like last year, I would like to remind those who are not following the security news closely to take a look at the list of "The Twenty Most Critical Internet Security Vulnerabilities", released by SANS.
Unlike last year, the list shows an interesting trend: a major shift away from platform vulnerabilities towards cross-platform applications. Such applications, when deployed without enough thought, equally endanger Unix and Windows systems. In addition, the absence of a glaring and commonly exploited hole in Unix/Linux is of interest (it seems like the times of FTP and RPC holes are all but forgotten...).
While some criticize the list for its lack of specificity, it is still required reading for anybody involved with security.