The report should, therefore, be required reading for IT directors everywhere. Applied properly, it can help IT departments prioritise their security work, and win backing for their efforts from the board. The remedies identified in the report can protect users from an estimated 90%-95% of threats on the internet, dramatically reducing their exposure.
More importantly, the Sans research should be required reading for every IT supplier. The 2004 report shows that despite high-profile initiatives by Microsoft and others, suppliers are still delivering code riddled with security vulnerabilities.
Unless users demand better service from their suppliers, the problems will continue to get worse. At the very least, users should insist that suppliers guarantee to provide software that is free from the top 20 vulnerabilities identified in the Sans list.