Tag: SANS
-
OSVDB – Classification: Minor Touch-ups and Reorganization
[This was originally published on the OSVDB blog.] In addition to overhauling the ‘exploit’ classification, additional touch-ups and reorganization has been done to the classification system. For volunteers that help mangle entries, watch out as items have shifted in flight. For users of OSVDB, these will be mostly cosmetic changes and should not impact searching.…
-
SANS Top 20 Report – Deja Vu
[This was originally published on the OSVDB blog.] I previously blogged about the SANS Top 20 List in a pretty negative fashion. The list started off as the “Top 10 Vulnerabilities” and quickly expanded into the Top 20 Vulnerabilities. Even last year (2005), they were still calling it a “Top 20 Vulnerabilities” list when it…
-
OSVDB ThreatRiskWarnFUD Level 6.32
[This was originally published on the OSVDB blog.] While chatting with a journalist about risks and ratings. I think the conversation started with a discussion on CVSS, but moved on to more general risk ratings. This lead me to wonder about the usefulness of Internet risk/threat ratings that some security companies maintain. Does anyone use…
-
SANS Top 20 Report Value
[This was originally published on the OSVDB blog.] SANS has released their Top 20 Internet Security Vulnerabilities for 2005. Started in June 2000, “the SANS Institute and the National Infrastructure Protection Center (NIPC) at the FBI released a document summarizing the Ten Most Critical Internet Security Vulnerabilities”. The list was designed to help administrators tackle…
-
600 Security Vulnerabilities in Q1 2005
[This was originally published on the OSVDB blog.] http://www.betanews.com/article/600_Security_Vulnerabilities_in_Q1_2005/1115067858 600 Security Vulnerabilities in Q1 2005By Nate Mook, BetaNewsMay 2, 2005, 5:04 PM According to a study published Monday by the SANS Institute, more than 600 new security vulnerabilities cropped up in the first three months of 2005. Although Microsoft leads the top 20 most critical…