[ISN] ISS Lists Security Risks

From: InfoSec News (isn@c4i.org)
Date: Tue Jul 08 2003 - 02:28:48 CDT


http://security.ziffdavis.com/article2/0,3973,1185262,00.asp

By Dennis Fisher
eWEEK
July 7, 2003

Internet Security Systems Inc. last week unveiled its first
Catastrophic Risk Index, a compilation of the 31 most serious current
vulnerabilities and attacks.

The index is designed to give administrators a constantly updated
quick-reference list of the issues that should be their top priorities
in protecting networks. Not surprisingly, all but two of the
vulnerabilities on the list are some form of buffer overflow.

Buffer overflows are far and away the most common security
vulnerabilities plaguing commercial and open-source software. They
come in many shapes and sizes and can be found in almost any kind of
application, but the result is almost always the same: an attacker
gets access to a critical application or server.

To qualify for inclusion on the CRI, a vulnerability must meet several
criteria: be pervasive enough to affect almost all organizations
across all industries; be a serious threat to the confidentiality,
integrity and availability of critical data; be a potential cause of
catastrophic business-system failure; and be highly susceptible to
virus and worm creation. About one-third of the vulnerabilities on the
list are found in open-source software packages, including OpenSSL,
Sendmail and Snort. The remainder are problems in commercial
applications, with Microsoft Corp. having the most entries on the CRI.
Of the 31 issues listed, 12 were found in Microsoft products. The
other commercial vendors with more than one flaw on the list are Sun
Microsystems Inc. and PeopleSoft Inc., which have two each.

The CRI was developed by X-Force, the research team at ISS, which is
based in Atlanta. The team plans to update the list on a regular basis
so that it continues to reflect the current set of the most dangerous
known vulnerabilities.

ISS officials said the company developed the CRI as a way to take some
of the pressure off customers, which are inundated with information
about new vulnerabilities and attacks every day.

"Our security team identifies and tracks 200 to 300 new
vulnerabilities and threats each month, which is an enormous load for
companies to keep up with while also focusing on their core business,"
said Chris Rouland, vice president of X-Force.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@attrition.org with 'unsubscribe isn'
in the BODY of the mail.