[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
PriorityOne Security Holes: The "Ten Most Un-Wanted"
To the CVE Editorial Board >From Alan Paller A team of about 40 security wizards from the NSA, NIPC and the vendors plus Mudge and other wizards who have lots of attack analysis experience is reaching consensus on the holes that are exploited most often. We'll be announcing them in a community-wide broadcast next week with CVE numbers, and CERT is doing the "How to fix them" document. Lots of major organizations are helping with the public announcement. The reason for this note is to invite those of you who are vulnerability scanning vendors to let us know if you want to be involved in the announcement. The types of things we are including in PriorityOne are things like the bind vulnerabilities and the RPC vulnerabilities. If you want to be part of it you'll need to create a PriorityOne offering -- either a template for your product, or, as one organization is doing, a special offering of just PriorityOne as a way to get lots of people involved in vulnerability scanning. If you are interested, check with your marketing people and if they also want to be involved, email me. Alan