Why lists for security vulnerabilities are flawed

Monday - 11/22/2010, 3:42pm EST

You've probably seen the Top 10 Vulnerabilities lists that highlight the worst offenders in security, but Krebs on Security says those lists aren't really all that helpful.

Krebs reports these lists look at only one factor -- the number of security reports, a measure too simplistic for the complex, multi-faceted problem of cybersecurity.

It's a bit like trying to gauge the relative quality of different Swiss cheese brands by comparing the number of holes in each: The result offers almost no insight into the quality and integrity of the overall product, and in all likelihood leads to erroneous and -- even humorous -- conclusions.

Krebs offers another way to measure vulnerabilities: a severity rating.

This story is part of Federal News Radio's daily Cybersecurity Update brought to you by Tripwire. For more cybersecurity news, click here.