The Twenty Most Critical Internet Security Holes

Ant writes: "A little over a year ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. Thousands of organizations used that list to prioritize their efforts so they could close the most dangerous holes first. This new list, released on October 1, 2001, updates and expands the Top Ten list. With this new release, we have increased the list to the Top Twenty vulnerabilities, and we have segmented it into three categories: General Vulnerabilities, Windows Vulnerabilities, and Unix Vulnerabilities."

Government set software standards

[bark76]

Looks like the feds are considering setting government standards, abcnews article is here. I'm not sure how helpful government standards could be, but I think I could welcome them. I'm sure that if my toaster lit on fire as often as my windows box crashes the government would do something about it, so why not hold software companies more accountable.

Re:Here's the quick list...

[MadCow42]

Well, the interesting thing is the the "Windows" holes are more "bugs" than general architecture problems. Bugs can be easily fixed (if users patch their machines), and in fact most of the Windows ones already are fixed.

The UNIX holes listed are more fundamental in nature, requiring a significant re-development effort, and in some cases, redefining of protocols and fundamental tools.

Although the Windows "bugs" have been exploited more (and are easier to exploit in general), it'll take longer to address the issues in the UNIX list than those in the Windows list.

Sorry... I'm not a M$ advocate, but it does point out some significant issues that we need to overcome in the UNIX world, and quickly.

MadCow.