Re: Re: SANS Top 20 Vulnerability List Updated

[InfoSec News <isn () c4i org>]

Forwarded from: Ejovi B. Nuwere <ejovi () ejovi net>

Actually, this top 20 list has helped me. It gives me the ability to
scan my entire network for attacks most likely to be automated or used
by script kiddies. Thats a huge help. And time saver.


On Tue, Dec 04, 2001 at 02:10:45AM -0600, InfoSec News wrote:
> Forwarded from: Felix von Leitner <leitner () vim org>
>
> Thus spake InfoSec News (isn () c4i org):
>
> > NIST has been working with SANS to provide an enhanced top 20
> > vulnerability list. The original list produced by SANS and the FBI
> > contained 20 important vulnerability areas with reference to over
> > 140 specific vulnerabilities.
>
> Short question: what the hell is going on here? What significance
> could this have at all besides SANS telling us that they consider
> themselves of earth-shattering importance?
>
> Top 20 vulnerabilities?  Is this an E! franchise?
>
> Why is worthless crap like a "top 20 vulnerabilities" list even done
> at all?  Why not pay those obviously very talented and highly
> respected members of the security community to actually do something
> useful, like _do_ something against security vulnerabilities instead
> of doing PR work?
>
> Sheesh.  What's next?  The top 20 deseases causing bowel movement?
>
> Felix


ejovi nuwere
http://www.ejovi.net



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.