Graham Coles

UK

Software Engineer

Also included is Mac OSX. Really? Why?

A bunch of stupid comments like 'flaws in unix applications *MAY* be patched later than the originals' and 'The first viruses for Mac OSX were found in the last year'

Actually there have been no viruses for macs as such. A couple of bits of proof of concept code like a worm that can't propogate to other systems and needs to be installed with an admin password and a virus attempt that couldn't make it out of a users home directory because it doesn't have permission and doesn't even work on powerpc architectures.

How the hell does this nonsense make it into a TOP 20 list? I thought this was suppose to be a serious list indicating real, known threats for known services/applications with a high priority of actually happening.

What do we get instead? Warnings that someone might not have patched an application (no idea which one, and I doubt if ordinary mac users would be using these command line apps anyway) that may or may not be vulnerable.

This is little more than a 'state the bleeding obvious' list, I can't even take them seriously any more.

Why not just say that any operating system in the world with the capability of connecting to a network MAY be vulnerable because it MAY contain applications which MAY not be updated as frequently, but we can't be sure. TOP 20 vulnerabilities my arse.

No wonder the americans have to have cars that keep beeping to remind them to put their seatbelts on (they MAY have an accident while driving), put their lights on when its dark and remember to close the doors because you're not supposed to drive with them open(!).

It's a pity that SANs are just wasting peoples time here; they would be providing a much more intelligent service by turning their website into a series of links to grown-up security sites that actually identify realistic, quantifiable threats and solutions that people can identify on their systems. All they have provided here is little more than a horoscope.