Feds, SANS Disclose Top 20 Vulnerabilities | eWeek

Feds, SANS Disclose Top 20 Vulnerabilities

Écrit par
Caron Carlson
Caron Carlson
Oct 7, 2002
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

The general services administration last week unveiled a flurry of Internet-security-related announcements, including an updated list of the top 20 vulnerabilities as compiled by the FBI and The SANS Institute.

The list includes 10 programs in Unix systems, including Apache Web Server, Secure Shell and FTP; and 10 programs in Windows systems, including Microsoft Corp.s SQL Server, Internet Explorer and Remote Registry Access. Absent are several vulnerabilities that made the list last year but are no longer prevalent. (The complete list can be found via www.eweek.com/links.)

“This year, theres nothing that you should not be able to test,” Alan Paller, director of research at SANS, said upon revealing the top 20 vulnerabilities at the GSA, in Washington.

In conjunction with the advisories, several IT security vendors announced product upgrades that will target the identified weaknesses.

Internet Security Systems Inc., for one, launched a policy component for its Internet Scanner to allow users to tailor security profiles based on the top 20 vulnerabilities. ISS Internet Scanner application monitors systems for weaknesses that affect communication services, operating systems, routers, e-mail and Web servers, firewalls, and applications.

Qualys Inc. and Foundstone Inc. also released scanning services and products last week. In addition, The Nessus Project and Advanced Research Corp. announced open-source products to cover the newly identified weaknesses.

To help federal agencies identify and eliminate the top 20 weaknesses, the GSA is setting up a task force to draft specifications for contracting with security vendors via the federal SafeGuard program. The GSA is also providing a patch service to federal users, notifying them by e-mail when a new vulnerability is identified on a system.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.