The Sans Institute's critical list of the top 20 security
vulnerabilities provides detailed advice on how to secure Windows
and Unix systems against the most serious threats on the internet.
It is the product of the combined expertise of 200 of the world's
leading security experts.

The report should, therefore, be required reading for IT directors
everywhere. Applied properly, it can help IT departments prioritise
their security work, and win backing for their efforts from the
board. The remedies identified in the report can protect users from
an estimated 90%-95% of threats on the internet, dramatically
reducing their exposure.

More importantly, the Sans research should be required reading by
every IT supplier. The 2004 report shows that despite high-profile
initiatives by Microsoft and others, suppliers are still delivering
code riddled with security vulnerabilities.

Unless users demand better service from their suppliers, the
problems will continue to get worse. At the very least, users
should insist that suppliers guarantee to provide software that is
free from the top 20 vulnerabilities identified in the Sans list.