Re: [ISN] Re: SANS Top 20 Vulnerability List Updated

From: InfoSec News (isnat_private)
Date: Thu Dec 13 2001 - 00:52:43 PST

  • Next message: InfoSec News: "[ISN] FBI confirms "Magic Lantern" project exists"

    Forwarded from: Ejovi B. Nuwere <ejoviat_private>
    Actually, this top 20 list has helped me. It gives me the ability to
    scan my entire network for attacks most likely to be automated or used
    by script kiddies. Thats a huge help. And time saver.
    On Tue, Dec 04, 2001 at 02:10:45AM -0600, InfoSec News wrote:
    > Forwarded from: Felix von Leitner <leitnerat_private>
    > Thus spake InfoSec News (isnat_private):
    > > NIST has been working with SANS to provide an enhanced top 20
    > > vulnerability list. The original list produced by SANS and the FBI
    > > contained 20 important vulnerability areas with reference to over
    > > 140 specific vulnerabilities.
    > Short question: what the hell is going on here? What significance
    > could this have at all besides SANS telling us that they consider
    > themselves of earth-shattering importance?
    > Top 20 vulnerabilities?  Is this an E! franchise?
    > Why is worthless crap like a "top 20 vulnerabilities" list even done
    > at all?  Why not pay those obviously very talented and highly
    > respected members of the security community to actually do something
    > useful, like _do_ something against security vulnerabilities instead
    > of doing PR work?
    > Sheesh.  What's next?  The top 20 deseases causing bowel movement?
    > Felix
    ejovi nuwere
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Dec 13 2001 - 04:28:14 PST