% fortune -ae paul murphy

SANS Institute embarrasses FBI

Today's headlie (see my Dec 19th blog for the rules on these) is the third in the series: 2005: the missing headlies. Basically: the thing has to relate to IT and be both true and false at the same time.

When the SANS Institute, in co-operation with the FBI, released its list of "The Twenty Most Critical Internet Security Vulnerabilities (Updated) ~ The Experts' Consensus" for 2002, I responded by pointing out that:

At the time the FBI, essentially a sleeping partner in this effort, was having some internal systems problems with infighting between mainframers and PC bigots blocking desktop and other upgrades. Nevertheless, having the FBI name attached to the SANS list gave it an apparent legitimacy a PC security tools vendor consortium would never have had on its own - and therefore embarrassed the FBI.

That was then, now is now - and the SANS Institute has significantly changed its behavior - to the point that today's top 20 list is a beautiful piece of work of genuine value to its users.

Thus the current release has separate sections covering major vulnerabilities in:

Top Vulnerabilities in Windows Systems

Top Vulnerabilities in Cross-Platform Applications

Top Vulnerabilities in UNIX Systems

Top Vulnerabilities in Networking Products

Needless to say, this is a lot more complete than a simple pair of very selective top 10 lists - and a lot more valuable too with a layout that lets the user move easily from analysis to action.

In my opinion, if there were such a thing as an Internet "Most Improved" prize for 2005, the SANS Institute should be the easy winner - so, please, join with me in wishing the people behind this change a Merry Christmas and a Happy New Year.

And the FBI? The SANS Institute has embarrassed them again - this time by growing up and moving on, while they're still fighting each other and everybody else in the homeland security business for control over technology directions and change.


Paul Murphy wrote and published The Unix Guide to Defenestration. Murphy is a 25-year veteran of the I.T. consulting industry, specializing in Unix and Unix-related management issues.