The latest SANS Top 20 has hundreds of CVE entries and as such is more of a meta-description of Internet targets. I don’t think the list is as “actionable” as the original Top 10, which listed specific vulnerabilities. At the point where I realized people were just going to write up their thoughts on various problems (Internet Explorer, Mac OS X, etc.) I left the project early this week, but I was formally done in early October. If you think a bunch of people’s opinions is worthwhile, then you may find the Top 20 useful.”]
Source: https://taosecurity.blogspot.com/2006/11/comments-on-sans-top-20.html

