The FBI and the SANS Institute said in a joint statement that the initiative “establishes a benchmark for internet users and business partners to employ in requesting information about the security status of organisations they need to trust.”
The top-ranked vulnerability is the failure of web servers to handle “unanticipated requests,” a weakness a remote attacker can exploit to read the source code of scripted applications or to retrieve files the web server has been configured not to serve, such as confidential data. Other problems named on the list leave businesses open to denial-of-service attacks.
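To make the “unanticipated request” problem concrete, the following is an added illustration written for this article, not code from SANS, the FBI or any particular web server. It contrasts a naive URL-to-file mapping, which lets an encoded `../` request walk out of the web root, with a hardened mapping that canonicalises the path, confines it to the root and refuses backup and dot-files that would expose script source or configuration. The web root `/var/www/html` and the denied suffixes are assumptions chosen for the example; the sample requests are constructed.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Assumed web root for the example; any absolute directory would do.
WEBROOT = "/var/www/html"

# Assumed deny-list: suffixes editors and deploy tools leave behind that
# would hand out script source or configuration if served verbatim.
DENIED_SUFFIXES = (".bak", ".orig", ".inc", ".swp", "~")


def resolve_naive(url_path: str) -> str:
    """Vulnerable mapping: decode the URL path and glue it onto the root.

    '..' segments survive the concatenation, so the normalised result can
    point anywhere on the filesystem.
    """
    return posixpath.normpath(WEBROOT + "/" + unquote(url_path))


def resolve_safe(url_path: str) -> Optional[str]:
    """Hardened mapping: returns the file to serve, or None to refuse.

    1. Percent-decode once (so %2e%2e is seen as '..').
    2. Join under the root and collapse '.', '..' and repeated slashes.
    3. Reject anything whose canonical form is outside the root.
    4. Reject dot-files and known source/backup suffixes.
    """
    decoded = unquote(url_path)
    candidate = posixpath.normpath(posixpath.join(WEBROOT, decoded.lstrip("/")))

    # Containment check on the canonical path, not on the raw request.
    if candidate != WEBROOT and not candidate.startswith(WEBROOT + "/"):
        return None

    base = posixpath.basename(candidate)
    if base.startswith(".") or base.endswith(DENIED_SUFFIXES):
        return None

    return candidate


def demo() -> None:
    """Run a few constructed requests through both mappings."""
    requests = [
        "/docs/index.html",                       # ordinary page
        "/../../../etc/passwd",                   # plain traversal
        "/%2e%2e/%2e%2e/%2e%2e/etc/passwd",       # percent-encoded traversal
        "/index.php.bak",                         # editor/deploy leftover
        "/.htaccess",                             # server configuration
    ]
    for req in requests:
        print(f"{req:40} naive={resolve_naive(req):28} safe={resolve_safe(req)}")


if __name__ == "__main__":
    demo()
```

The containment test compares the canonical path against the root rather than scanning the request for the string `..`; that is what defeats encoded and redundant-slash variants the server “did not anticipate.” The suffix deny-list is only a backstop for files that should not be in the document root in the first place.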
A list of the Top Twenty vulnerabilities and protection instructions (for both Windows and Unix operating systems) is available from:
www.sans.org/top20/