Qualys Introduces RV10 Real-Time Top Ten Vulnerabilities on Today's Networks

Qualys Offers RV10scan, a Free Web Service to Identify the Critical and Prevalent Vulnerabilities Most Likely to be Exploited

Black Hat, Las Vegas, NV — July 30, 2003 — Qualys™, Inc., the market leader of on-demand security audits and vulnerability management, today introduced RV10 (Real-Time Top Ten Vulnerabilities), a dynamic list of the most critical and prevalent security vulnerabilities. The list is the first of its kind, updated automatically and continuously from a statistically representative sample including thousands of networks. RV10 was created in response to Gerhard Eschelbeck’s Laws of Vulnerabilities, which conclude that vulnerability prevalence is directly related to exploitation. Qualys publishes the list at www.qualys.com/RV10.

Qualys also announced RV10scan, a free service to immediately identify the vulnerabilities on a network perimeter that are the most likely to be exploited at any given time. This free service, like all Qualys services, is based on the QualysGuard Web Service Architecture, designed from the ground up to automate vital security processes. RV10scan is available immediately at www.qualys.com/RV10scan.

“RV10 is a list of the top ten security priorities all critical sectors should have at any given moment. This list and free service is provided to the public so organizations can identify and eliminate the most dangerous security threats facing today’s enterprises,” said Richard Clarke, former Presidential Cyber Security Advisor and chairman of Good Harbor Consulting LLC. “As a first step in the security process, the critical sectors must identify and remediate these critical vulnerabilities.”

About the RV10 (Real-Time Top Ten Vulnerabilities)
The RV10 (Real-Time Top Ten Vulnerabilities) is a dynamic list of the most critical and prevalent security vulnerabilities. The index is the first of its kind, updated automatically and continuously from a statistically representative sample including thousands of networks. Qualys publishes the index at www.qualys.com/RV10 as well as on www.vulns.com, a web log for the vulnerability community debuted at the Black Hat Briefings.

The current RV10 vulnerabilities are:

  • Microsoft Windows DCOM RPC Interface Buffer Overrun (CAN-2003-0352)
  • Microsoft IIS CGI Filename Decode Error (CVE-2001-0333)
  • Microsoft Index Server and Indexing Service ISAPI Extension Buffer Overflow (CVE-2001-0500)
  • Microsoft IIS Malformed HTR Request Buffer Overflow (CVE-2002-0071)
  • Apache Chunked-Encoding Memory Corruption (CVE-2002-0392)
  • ISC BIND SIG Cached Resource Record Buffer Overflow (sigrec bug) (CAN-2002-1219)
  • Microsoft Windows 2000 IIS WebDAV Buffer Overflow (CAN-2003-0109)
  • Sendmail Address Prescan Possible Memory Corruption (CAN-2003-0161)
  • SSL Server Has SSLv2 Enabled (No CVE assigned)
  • Writeable SNMP Information (No CVE assigned)

“RV10 demonstrates the power of the QualysGuard Web Service Architecture. While specific customer data is not available, we have aggregate vulnerability data and prevalence from all over the Internet,” said Philippe Courtot, CEO of Qualys. “Gerhard’s laws, derived from our statistical analysis, prove how critical it has become to eliminate vulnerabilities quickly. The RV10scan allows organizations of any size to do just that.”

About Qualys

With more than 2,000 subscribers ranging from small businesses to multinational corporations, Qualys has become the leader in on demand vulnerability management and policy compliance. The company allows security managers to strengthen the security of their networks effectively, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ on demand technology offers customers significant economic advantages, requiring no capital outlay or infrastructure to deploy and manage. Its distributed scanning capabilities and unprecedented scalability make it ideal for large, distributed organisations. Hundreds of large companies have deployed Qualys on a global scale, including AXA, DuPont, Hershey Foods, ICI Ltd, Novartis, Sodexho, Standard Chartered Bank and many others. Qualys is headquartered in Redwood City, California, with European offices in France, Germany and the U.K., and Asian representatives in Japan, Singapore, Australia, Korea and the Republic of China. For more information, please visit www.qualys.com.


Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey
Qualys
media@qualys.com