
Keeping track of vulnerabilities

Mar 31, 2003 (2 mins)

Nutter offers advice on how to stay on top of security alerts and announcements.

With all of the product vulnerabilities (Microsoft and others) that I have been hearing about, is there one site that I can go to for this information?  Would using multiple sites be better?

– Via the Internet

While there are some e-mail listservs such as BugTraq that might be able to give you a one-stop shop for information on updates as they come out, using more than one is the approach I would take. The reason for this is that one site might get the information out before you get it from another, and depending on the severity level of the patch, this could mean the difference between getting hit or not getting hit with the hack the alert addresses.

The first step is to subscribe to your vendors’ e-mail alert services. This ensures you get the alert from the “official” source. More vendors are starting to put a PGP signature in their e-mail messages so you can verify the authenticity of the alert if you have a PGP client installed on your machine. Then search Google for the following terms (one at a time): secunia, bugtraq, vulnwatch. This will get you started with some sites you may want to subscribe to. I’m not endorsing any one particular site; that is a decision best left to you, depending on what products you need to stay on top of.
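The PGP check mentioned above, as an added example that is not part of the original column: a valid signature only proves that some key signed the alert, so the script also requires that the signing key matches a fingerprint you pinned for that vendor. It assumes GnuPG as the PGP client; the function names `check_status` and `verify_alert` are hypothetical, and the fingerprint is one you obtained from the vendor out of band.

```shell
#!/bin/sh
# Added example: accept a vendor alert only if its PGP signature is valid
# AND was made by the key fingerprint pinned for that vendor.

# check_status EXPECTED_FPR
# Reads GnuPG machine-readable status lines (--status-fd output) on stdin.
# Returns 0 only when a VALIDSIG line names the pinned fingerprint and no
# failure status (bad, unverifiable, expired or revoked) appears.
check_status() {
    # Normalise the pinned value: drop spaces, upper-case the hex digits.
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    [ -n "$expected" ] || return 2
    ok=1
    while read -r tag kw fpr rest || [ -n "$tag" ]; do
        [ "$tag" = "[GNUPG:]" ] || continue
        case "$kw" in
            BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)
                return 1 ;;
            VALIDSIG)
                # First field: fingerprint of the key that made the signature.
                # Last field: primary key fingerprint (differs for subkeys).
                primary=${rest##* }
                if [ "$fpr" = "$expected" ] || [ "$primary" = "$expected" ]; then
                    ok=0
                fi ;;
        esac
    done
    return $ok
}

# verify_alert FILE EXPECTED_FPR
# FILE is the saved, clearsigned alert message. The vendor's public key must
# already be in the local keyring.
verify_alert() {
    gpg --batch --status-fd 1 --verify "$1" 2>/dev/null | check_status "$2"
}
```

Pin the full fingerprint rather than a short key ID, and treat any non-zero return as "do not act on this alert until it is confirmed through another channel".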