PriorityOne Security Holes: The "Ten Most Un-Wanted"
To the CVE Editorial Board
From Alan Paller
A team of about 40 security wizards from the NSA, NIPC and the vendors plus
Mudge and other wizards who have lots of attack analysis experience is
reaching consensus on the holes that are exploited most often. We'll be
announcing them in a community-wide broadcast next week with CVE numbers, and
CERT is doing the "How to fix them" document. Lots of major organizations
are helping with the public announcement.
The reason for this note is to invite those of you who are vulnerability
scanning vendors to let us know if you want to be involved in the
announcement. The types of things we are including in PriorityOne are things
like the bind vulnerabilities and the RPC vulnerabilities. If you want to be
part of it you'll need to create a PriorityOne offering -- either a template
for your product, or, as one organization is doing, a special offering of
just PriorityOne as a way to get lots of people involved in vulnerability
If you are interested, check with your marketing people and if they also want
to be involved, email me.