Bugs in anti-virus scanners and web-based applications joined flaws in Microsoft and Cisco networking products in a list of the 20 most serious vulnerabilities discovered this year.

The list - compiled by the SANS Institute in co-operation with security vendors such as Qualys and government agencies in the UK and US - highlights the 20 most critical vulnerabilities currently facing organisations. Vulnerabilities that are easy to exploit and where a large number of unpatched systems existed were highlighted in the report. In addition to identifying vulnerabilities in Windows and UNIX systems, this year's Top-20 list also includes cross-platform applications and networking products for the first time.

The flaws are all well-documented. The idea of the Top 20 is to draw people's attention towards particularly serious problems that might have been overlooked. Starting earlier this year, the SANS Institute moved from an annual to quarterly update of its list, now into its fifth year, to reflect the faster evolution of internet threats. It's still doing the annual round-up though with this year's Top 20 launched in Europe at a high profile event in London on Tuesday featuring speakers from SANS, the DTI and the National Infrastructure Security Coordination Centre (NISCC). ®

Related stories

• China displaces Britain as botnet epicentre (19 March 2007)
• VoIP and IE risks star in SANS' threat list (16 November 2006)
• Unpatched enterprise security bugs proliferate (24 August 2006)
• Cisco plugs IP telephony and router security holes (19 January 2006)
• Cisco’s AON: Jeeves in a router or a box of evils? (3 December 2005)
• Hackers look outside Windows for flaws (28 July 2005)
• SANS revises Top 20 security vulns list (3 May 2005)
• The IT security vuln league table of fear (11 October 2004)