SANS issues vulnerability top 20
Annual study of security risks finds software and humans present dangers.
The SANS Institute has released its annual survey of vulnerabilities putting computer systems and networks at risk, finding increasing threat levels in server and client side software as well as a growing trend of risks emerging from human nature rather than programming flaws.
The study discusses problems with browsers, email clients, office software and media players on the client side, and web applications, services offered by the operating system, databases and backup systems on servers, as well as highlighting an increased emphasis on exploitation of flaws in security software. At a more human level, inappropriate use and configuration of software as well as the dangers of social engineering are analysed.