Tuesday, December 04, 2007

SANS TOP-20 Security Risks for 2007

SANS Institute TOP-20 Security Risks - 2007 Annual Update

We have seen significant growth in the number of client-side vulnerabilities, including vulnerabilities in browsers, in office software, in media players and in other desktop applications. These vulnerabilities are being discovered on multiple operating systems and are being massively exploited in the wild, often to drive recruitment for botnets.

Executive summary:

"Web application vulnerabilities in open-source as well as custom-built applications account for almost half the total number of vulnerabilities being discovered in the past year."