This year’s SANS “Top 20 Security Vulnerabilities” holds no great surprises but in 2005 there is a “marked deviation from the previous Top-20 lists.” In addition to Windows and UNIX categories, we have also included Cross-Platform Applications and Networking Products.
The change, says SANS, reflects the dynamic nature of the evolving threat landscape. Unlike the previous Top-20 lists, this list is not "cumulative" in nature. We have only listed critical vulnerabilities from the past year and a half or so. If you have not patched your systems for a length of time, it is highly recommended that you first patch the vulnerabilities listed in the Top-20 2004 list