UK backs FBI bid to fix top 20 IT security holes

The UK government's National Infrastructure Security Co-ordination Centre (NISCC) has welcomed shareware security tools rolled out last week by the FBI's National Infrastructure Protection Center (NIPC) and the non-profit Sans Institute.

The tools were unveiled as the NIPC and the Sans Institute published their third annual list of the top 20 IT vulnerabilities.

Stephen Cummings, director of the NISCC, which is charged with protecting the UK's critical national infrastructure, said: "The vulnerabilities identified on the FBI/SANS list reflect the types of vulnerabilities seen by NISCC over the past year.

"Far too many businesses are taking unnecessary risks and leaving their systems unprotected against known vulnerabilities for which solutions are easily available."

All the top 20 vulnerabilities identified by the FBI/Sans collaboration originated in software shipped with programming errors which would have allowed hackers to gain remote control of systems had they not been fixed.

Sans Institute director Alan Paller said the provision of tools to scan for and fix the 20 vulnerabilities was a crucial step towards improving IT security.

"For the first time, organisations that do not have big security staff can get at the top 20," said Paller. "You don't have to have in-house expertise on running and tuning a scanner, and the upfront investment is small enough that everyone can do it."

US Air Force chief information officer John Gilligan agreed that the affordability of the scanning tools was critical.

"None of us can afford the cost of a continual race against would-be cyber attackers using the find-and-patch approach to deal with latent vulnerabilities in commercial software packages," he said.

He also reiterated demands made by other US government officials for the software industry to improve baseline security and the reliability of their products.

"It is clear that the quality of software design and testing in the past does not measure up to the needs of the present and the future," said Gilligan.
