SANS Top 20 Vulnerabilities is out

by Anton Chuvakin

Related link: http://isc.sans.org/top20.html



SANS list of Top 20 common UNIX and Windows vulnerabilities is out! Being one of the contributors, I can tell that it is indeed a fascinating read. For example, 2 out of 10 UNIX vulnerabilities are in popular security softwares (OpenSSH and OpenSSL). FTP vulnerabilities didn't make the cut this year, but only because other contenders were "stronger" - make no mistake, FTP is still being hit often enough. 9 out of 10 of Windows vulnerabilities are in Microsoft software (who would have thought :-)...) The list might also benefit from web application bugs, but I suspect they have to wait till next year. Here is another fun list of top vulnerabilities, "a real-time top 10" from Qualys.