Qualys Top 20 Real-Time Vulnerability Index Now Published in FS/ISAC Collective Intelligence and Physical Security Weekly Report

Redwood City, CA - June 5, 2006 - Qualys, the leading provider of on demand vulnerability management and policy compliance, and the Financial Services/Information Sharing and Analysis Center (FS/ISAC) announced today that Qualys has partnered with FS/ISAC to provide the Qualys Top 20 Real-Time Vulnerability Index as part of the FS/ISAC Collective Intelligence and Physical Security Weekly Report. By publishing the Qualys Index on a weekly basis, FS/ISAC gives its members access to real world information about the most immediate threats to their electronic banking and finance critical infrastructure.

“Cyber security is really the ‘new arms race’ with adversaries attempting to attack the financial services sector at an ever increasing rate. The goal of FS/ISAC is to disseminate trusted and timely information to increase sector wide knowledge about physical and cyber security risks face by the financial sector,” said Suzanne Gorman, chairperson, FS/ISAC. “The addition of the Qualys Index to our Weekly Report is an important step in adding highly accurate, real time information about new and emerging cyber threats. We very much appreciate Qualys’ generosity. This contribution makes Qualys one of our contributing partners and helps us provide additional high value to our membership.”

“FS/ISAC makes a significant contribution to the security of our nation working diligently to make the financial sector stronger and safer,” said Philippe Courtot, chairman and CEO of Qualys. “By paying close attention to and running scans on both the SANS Top 20 Internet Security Vulnerability Index (http://www.sans.org/top20), to which Qualys experts contribute and which provides a look back at the most critical vulnerabilities which have appeared during the year, and the Qualys Top 20 Real-time Vulnerability Index which gives ‘right now’ information about the most immediate threats, the financial sector has the information it needs to understand the dynamic nature of the evolving threat landscape, the vulnerabilities attackers target and remediate risk. We are very pleased that Qualys can add value by contributing our Index to the information collected by both these important organizations.”

“Information technology infrastructure propels today’s global economy and identifying threats and vulnerabilities which could seriously endanger that infrastructure is critical,” said Howard A. Schmidt, former White House Cyber Security Advisor and the first president of the Information Technology Information Sharing and Analysis Center (IT/ISAC). “Trusted organizations like the FS/ISAC, which communicate with other sector specific ISACs such as the IT/ISAC, are vital to the security of electronic commerce and indeed the nation. The information the ISACs share with their members enables them to understand both physical and cyber based threats and I applaud this collaborative step by the FS/ISAC and Qualys to contribute more useful information to the financial services community.”

About the Qualys Top 20 Real-Time Vulnerability Index

The Qualys Top 20 Real-time Vulnerability Index was formerly known as the RV10. The Top 10 external and internal vulnerabilities are dynamic lists of the most prevalent and critical security vulnerabilities in the real world. Based on the “Laws of Vulnerabilities”, developed by Qualys (https://www.qualys.com/research/rnd/vulnlaws), this information is computed anonymously by Qualys from nearly 2 million vulnerability scans globally. The Top 10 External Vulnerabilities are the most prevalent and critical vulnerabilities which have been identified on Internet facing systems. The Top 10 Internal Vulnerabilities show this information for systems and networks inside organization’s firewalls. To view the index, go to https://www.qualys.com/research/rnd/top10.

Twelve vulnerabilities on the Qualys TOP 20 pertain to the Microsoft Windows operating system and products like IIS, Exchange, Outlook and Internet Explorer. Vulnerabilities in other products from Adobe, Cisco, OpenSSH and VNC are also included in the list the list.

Qualys’ free scan for the Top-10 is available at https://freescan.qualys.com/?lsid=6389 to help companies immediately identify the prevalent and critical security vulnerabilities most likely to be exploited on their network perimeters.

About the FS/ISAC

Launched in 1999, FS/ISAC was established by the financial services sector in response to the 1998 Presidential Directive 63. That directive, later updated by 2003 Homeland Security Presidential Directive 7, mandated that the public and private sectors share information about physical and cyber security threats and vulnerabilities to help protect the U.S. critical infrastructure. For more information about FS/ISAC, go to http://www.fsisac.com.

About SANS

SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet’s early warning system - Internet Storm Center. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals, auditors, system administrators, network administrators, chief information security officers, and CIOs who share the lessons they are learning and jointly find solutions to the challenges they face. At the heart of SANS are the many security practitioners in government agencies, corporations, and universities around the world who invest hundreds of hours each year in research and teaching to help the entire information security community. http://www.sans.org

The SANS Top 20 is an invaluable tool for businesses to test their security posture against the constantly increasing and ingenious threats which appear on an almost daily basis. http://www.sans.org/top20

About Qualys

Qualys, Inc., the leader in on demand vulnerability management and policy compliance serves more than 2,200 enterprise subscribers around the world including 200 of the Forbes Global 2000. QualysGuard Software as a Service (SaaS) solutions help security managers effectively strengthen the security of their networks, conduct automated security audits and ensure compliance with internal policies and external regulations. Qualys’ cost effective on demand technology requires no capital outlay, infrastructure or maintenance and can be deployed in a matter of hours anywhere in the world. Qualys global customers include AXA, DuPont, eBay, ICI Ltd, Kaiser Permanente, Novartis, Oracle and many others. Qualys is headquartered in Redwood City, California, with business units in Europe and Asia. For more information, please visit www.qualys.com.

###

Qualys, the Qualys logo and QualysGuard are proprietary trademarks of Qualys, Inc. All other products or names may be trademarks of their respective companies.

Media Contact:
Tami Casey
Qualys
media@qualys.com