
SANS Top 20 Vulnerabilities

Other than for press coverage, I don't really understand the value of the SANS Top 20 Vulnerabilities. As far as I can tell, its basic message is that pretty much everything is vulnerable. Some comments:

  1. It is not a list of what I would call "vulnerabilities" as much as it is a list of vulnerable programs.
  2. It doesn't appear to list the vulns in any sort of priority order.
  3. There doesn't appear to be any qualification to what makes a vulnerability critical, except maybe its existence.
  4. It seems more like a big laundry list than anything else (the first two "vulnerabilities" actually contained 22 traditional vulnerabilities).

What I would really enjoy is something more specific about the vulnerabilities themselves: their severity, how common they are, how widely they are being exploited, etc.

I guess the information is useful just to have organized; I just wish they had been a bit more specific and a bit more rigorous in their approach. It probably doesn't help having 35 people participating in what appears to be a qualitative process. It would be hard to achieve any type of consensus with a group that large.
