The SANS Top 20 Vulnerabilities consensus list updated

The first quarter 2005 update to the SANS Top 20 Internet Security Vulnerabilities list was released yesterday (press release). Information security professionals will be very familiar with this living list. If you are wondering why you should be interested in this document, consider the following taken from the introduction to the list,

The Top-20 is a consensus list of vulnerabilities that require immediate remediation. It is the result of a process that brought together dozens of leading security experts. They come from the most security-conscious government agencies in the UK, US, and Singapore; the leading security software vendors and consulting firms; the top university-based security programs; many other user organizations; and the SANS Institute. A list of participants may be found at the end of this document.

The SANS Top-20 is a living document. It includes step-by-step instructions and pointers to additional information useful for correcting the security flaws. We will update the list and the instructions as more critical threats and more current or convenient methods of protection are identified, and we welcome your input along the way.