[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

PriorityOne Security Holes: The "Ten Most Un-Wanted"



To the CVE Editorial Board
>From Alan Paller

A team of about 40 security wizards from the NSA, NIPC and the vendors plus
Mudge and other wizards who have lots of attack analysis experience is
reaching consensus on the holes that are exploited most often.  We'll be
announcing them in a community-wide broadcast next week with CVE numbers, and
CERT is doing the "How to fix them" document.  Lots of major organizations
are helping with the public announcement.

The reason for this note is to invite those of you who are vulnerability
scanning vendors to let us know if you want to be involved in the
announcement.  The types of things we are including in PriorityOne are things
like the bind vulnerabilities and the RPC vulnerabilities. If you want to be
part of it you'll need to create a PriorityOne offering -- either a template
for your product, or, as one organization is doing, a special offering of
just PriorityOne as a way to get lots of people involved in vulnerability
scanning.

If you are interested, check with your marketing people and if they also want
to be involved, email me.

Alan

 
Page Last Updated: May 22, 2007