Wednesday, November 28, 2007

SANS Top-20 2007 released

Finally, the annual SANS Top 20 report of security risks for the current year was released yesterday. The report is published here and you can read some commentaries about it at and at. I must point out that there aren't many changes compared to the previous year, 2006.

On the client side, vulnerabilities in web browsers and office suites dominate; on the server side, vulnerabilities in web applications and operating system services dominate. In summary, according to SANS, client-side vulnerabilities are on the rise, and clients may threaten their companies through careless web browsing. Default configurations of many operating systems are still weak, and web application vulnerabilities account for almost half of all vulnerabilities.