NIPC / GSA / SANS Top Twenty Internet Security Vulnerabilities for 2002

Information Note Number: IN02-007
2 October 2002

Purpose

The FBI's National Infrastructure Protection Center (NIPC), the U.S. General Services Administration's (GSA) FedCIRC program, and the SANS Institute today announced the twenty vulnerabilities most often exploited by hackers and other cyber criminals. The "Top Twenty" has been updated substantially from last year's list, adding new vulnerabilities and removing some that are no longer prevalent.

This initiative represents an early instance of the implementation of the U.S. government's National Strategy to Secure Cyberspace, released on 18 September 2002. Underscoring the government's efforts to enlist the private sector in securing the nation's IT infrastructure, four network scanner suppliers simultaneously announced new releases of their products that test for the Top Twenty vulnerabilities. Further, the GSA's Federal Technology Service announced that it is establishing a working group to draft task order specifications so that federal agencies can use the GSA's SafeGuard contracting program to test for the Top Twenty vulnerabilities and to get help in removing them.

The full list of the Top Twenty vulnerabilities and related material can be viewed at this link.

Comment

The United Kingdom's National Infrastructure Security Co-ordination Centre (NISCC) and OCIPEP both welcome the U.S. initiative to publish a list of the top twenty IT vulnerabilities. These two organizations are committed to working with their U.S. partners in raising awareness of the vulnerabilities in IT systems and the need to take appropriate remedial action to protect systems from electronic attack, both domestically and globally.

Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca