I report on a lot of software vulnerabilities, and I try to weed out the unimportant ones. But there's no real way to know in advance which ones will be exploited and which ones cybervandals will essentially ignore.
Some critical vulnerabilities never become a big danger, even when administrators fail to patch them. This makes it difficult to defend the expense of constantly updating and maintaining system patches and probably leads to a lot of the complacency we see in information security.
Of course, other vulnerabilities become major attack vectors for hackers. This has been the case recently with a slew of Apache Web server vulnerabilities.
The link for this article located at ZDNet is no longer available.
