Introduction

Six years ago, the SANS Institute and the National Infrastructure
Protection Center (NIPC) at the FBI released a document summarizing the
Ten Most Critical Internet Security Vulnerabilities. Thousands of
organizations relied on that list, and on the expanded Top-20 lists
that followed in succeeding years, to prioritize their efforts so they
could close the most dangerous holes first. The vulnerable services
that led to worms like Blaster, Slammer, and Code Red have been on SANS
Top20 lists.

http://www.sans.org/top20/