Privilege-based flaws are also common and have been for more than 15 years. Gamble said that on Unix-based systems in particular, many admins simply don’t know how to properly set up permissions. Gamble suggests that security professionals check the /usr/local/bin and usr/local/sbin directories for third-party applications on a Unix machine. It’s likely they will find insecure applications with permissions they don’t need.