The worst security problems?

Friday, 15 November 2002, 7:58 AM EST

About a month ago, the SANS Institute, in cooperation with the U.S. Federal Bureau of Investigation, released its list of "The Twenty Most Critical Internet Security Vulnerabilities (Updated) - The Experts' Consensus" for 2002.

The information provided was picked up and relayed to the public by many news sites and major newspapers across the United States and Canada. Although the SANS Institute notes, further down in the top-20 page, that this is actually two top-ten lists, even sophisticated publications such as Computerworld, which referred to the list as the "top 20" throughout its front page treatment of the story, didn't make that distinction clear to readers.

In addition, you have to dig fairly deeply into the announcement to see the top 10 Windows list is limited to a few current variants of major Windows-brand server operating systems, while the Unix list includes applications, desktops and bugs going back at least as far as 1990. More subtly, the title coupled with the silent omission of all information about the relative costs and risks represented by the listed vulnerabilities invites readers to impute a rational basis, such as cost or risk, for the rankings shown.

[ Read more ]

Related items


Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Oct 24th