ISS Lists Security Risks | eWeek

ISS Lists Security Risks

Écrit par
Dennis Fisher
Dennis Fisher
Jul 7, 2003
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Internet Security Systems Inc. last week unveiled its first Catastrophic Risk Index, a compilation of the 31 most serious current vulnerabilities and attacks.

The index is designed to give administrators a constantly updated quick-reference list of the issues that should be their top priorities in protecting networks. Not surprisingly, all but two of the vulnerabilities on the list are some form of buffer overflow.

Buffer overflows are far and away the most common security vulnerabilities plaguing commercial and open-source software. They come in many shapes and sizes and can be found in almost any kind of application, but the result is almost always the same: an attacker gets access to a critical application or server.

To qualify for inclusion on the CRI, a vulnerability must meet several criteria: be pervasive enough to affect almost all organizations across all industries; be a serious threat to the confidentiality, integrity and availability of critical data; be a potential cause of catastrophic business-system failure; and be highly susceptible to virus and worm creation. About one-third of the vulnerabilities on the list are found in open-source software packages, including OpenSSL, Sendmail and Snort. The remainder are problems in commercial applications, with Microsoft Corp. having the most entries on the CRI. Of the 31 issues listed, 12 were found in Microsoft products. The other commercial vendors with more than one flaw on the list are Sun Microsystems Inc. and PeopleSoft Inc., which have two each.

The CRI was developed by X-Force, the research team at ISS, which is based in Atlanta. The team plans to update the list on a regular basis so that it continues to reflect the current set of the most dangerous known vulnerabilities.

ISS officials said the company developed the CRI as a way to take some of the pressure off customers, which are inundated with information about new vulnerabilities and attacks every day.

“Our security team identifies and tracks 200 to 300 new vulnerabilities and threats each month, which is an enormous load for companies to keep up with while also focusing on their core business,” said Chris Rouland, vice president of X-Force.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.