List of Top 20 Software Flaws Due
The focus will be on fixes Wednesday, when the U.S. General Services Administration unveils its list of the top 20 Internet security vulnerabilities to a gathering of government chief information officers and IT professionals.
This is the third year that the GSA has released the list publicly. Compiled by the nonprofit SANS (Sysadmin, Audit, Network, Security) Institute and the FBI's National Infrastructure Protection Center (NIPC), the list is intended to raise awareness of serious computer vulnerabilities and give administrators a way to determine priorities for patching vulnerabilities.
Wednesday's event at the GSA offices is expected to draw around 350 attendees, most of them from the government IT community.
Past lists have covered three categories: general vulnerabilities, Windows vulnerabilities, and Unix vulnerabilities. Security vulnerabilities noted in previous editions of the list have ranged from very broad issues such as the failure to maintain complete system backups, to very specific platform and product vulnerabilities such as programming flaws in the Remote Data Services component of Microsoft's Internet Information Server.
Unlike past years, however, this year's conference will do more than just raise red flags. Underscoring the Bush administration's stated desire to
Those companies and others have worked closely with the SANS Institute and agencies within the government over the past four months to compile the list, according to the source.
Apart from the announcements about vulnerabilities, the conference will highlight NASA's program to
The GSA is expected to present NASA's program as a model that other government agencies and private companies could use to reduce the number of attacks on their own systems.
The GSA will also announce an initiative to expand the government's Safeguard program to help audit the government's own systems for common vulnerabilities.
The Safeguard program is run by the Center for Information Security Services and provides professional services and products to agencies of the federal government to help protect those agencies against potential threats.
Although targeted at IT professionals working within the federal government, the yearly announcement of the 20 top Internet vulnerabilities from the FBI and SANS is recognized by many within the security industry as a benchmark of sorts. It is regarded as a list of vulnerabilities, many of them targeted by high-profile worms or viruses such as the