I thnk that Richard Bejtlich is being a little picky about this subject, but he still got his point. Even in a work with such good content as the Top 20, basic concept mistakes can jeopardize its value. A document like this is read and used by lots of people, spreading the mistakes throughout the field. Hey SANS guys, instead of criticizing, why not try the CISSP? It won't hurt, it'll only add value (and it's not even something that Bejtlich will agree with me, given his opinion on this cert).

Mistakes with vulnerabilities and threats concepts is something that a CISSP doesn't usually do, even if with very bad technical skills. Mix the technical skills provided by SANS with solid fundamentals from the CBK. That's the source of an incredibly valuable Top 20 document.