Multinational consensus pegs top 20 net vulnerabilities
Experts from the U.S., Canada, the U.K., Singapore and Brazil name the top Windows, Unix and Linux flaws.
Computerworld - WASHINGTON -- The U.S. Department of Homeland Security, along with its Canadian and British counterparts and the SANS Institute, today released a list of the 20 security vulnerabilities most often exploited by criminal hackers.
The creation of the Top 20 list of commonly exploited Windows, Unix and Linux flaws marks one of the first times that a multinational consensus has been reached on critical Internet vulnerabilities that must be fixed to meet a minimum level of security protection for computers connected to the Internet.
"Basing the Top 20 on a multinational government/industry consensus endows the list with more authority and makes it easy for each of our agencies to persuade owners and operators of the critical infrastructure to eliminate these vulnerabilities," said Steve Cummings, director of the U.K.'s National Infrastructure Security Co-ordination Centre, in a statement.
Sallie McDonald, director of outreach programs at the DHS, called the Top 20 project, "a useful example" of how the U.S. National Strategy for Securing Cyberspace is being implemented.
Alan Paller, director of research at SANS, said the list is a consensus of the knowledge of experts from around the world who are fighting cybercrime. In addition to contributors in the U.S., U.K. and Canada, experts from Singapore and Brazil also helped develop the list.
Paller said the security industry has put its support behind the Top 20 list. Two of the leading suppliers of vulnerability testing software, Qualys Inc. and Foundstone Inc., announced that their customers will be able to test for the top 20 vulnerabilities. Qualys is also offering a free network auditing service that lets anyone test Internet-connected systems for evidence of the vulnerabilities, Paller said.
"The list reflects the combined experience of many of the folks who have to clean up after attacks," said Paller. "It couldn't be developed by any individual organization because different sites face different automated and targeted attacks."
SANS started the process of issuing a Top 10 list of vulnerabilities three years ago, when it released its first list with the National Infrastructure Protection Center. The updated SANS Top 20 is actually a combination of two Top 10 lists: the 10 most commonly exploited vulnerable services in Windows and the 10 most commonly exploited vulnerable services in Unix and Linux.
"Although there are thousands of security incidents each year affecting these operating systems, the overwhelming majority of successful attacks target one or more of these 20 vulnerable services," according to the final consensus document.
|The Top 20 Consensus Guide|
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The Threat Landscape Hardly a day goes by without the discovery of a new cyberthreat somewhere in the world! But how do you keep up with...
- Security for Virtualization In the rush to implement virtualization, security has become second. So while the business benefits are clear, the risks are less well documented...
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Malware and Vulnerabilities White Papers | Webcasts