“About a month ago, the SANS Institute, in cooperation with the
U.S. Federal Bureau of Investigation, released its list of ‘The
Twenty Most Critical Internet Security Vulnerabilities
(Updated)–The Experts’ Consensus’ for 2002.“The information provided was picked up and relayed to the
public by many news sites and major newspapers across the United
States and Canada. Although the SANS Institute notes, further down
in the top-20 page, that this is actually two top-ten lists, even
sophisticated publications such as Computerworld, which referred to
the list as the ‘top 20’ throughout its front page treatment of the
story, didn’t make that distinction clear to readers.“In addition, you have to dig fairly deeply into the
announcement to see the top 10 Windows list is limited to a few
current variants of major Windows-brand server operating systems,
while the Unix list includes applications, desktops and bugs going
back at least as far as 1990. More subtly, the title coupled with
the silent omission of all information about the relative costs and
risks represented by the listed vulnerabilities invites readers to
impute a rational basis, such as cost or risk, for the rankings
shown…”
LinuxWorld: The Worst Security Problems? We Can’t Tell From the FBI’s Top 20 List
By
Get the Free Newsletter!
Subscribe to Developer Insider for top news, trends, & analysis