Are we sure all the libs we use are safe? For instance, I'd love to have a tool like this one http://open.bekk.no/retire-js-what-you-require-you-must-also-retire generalised to jQuery plugins and Java libs (not sure if this one is good, not tested, just an example).
Jacques

On Saturday, November 16, 2013 11:36 AM Jacques Le Roux <[email protected]> wrote:
> Hi,
>
> I believe we currently have no plans to monitor security fixes in embedded
> libraries. So I guess, from time to time, or for a reason, a committer takes
> a look at a lib and updates it. We are quite blind.
>
> Unfortunately, I think there are no free tools in the IT industry. Paying
> ones exist, like
> http://www.tenable.com/products/securitycenter (found at
> https://cve.mitre.org/compatible/vulnerability_alerting.html)
>
> So all we can do is to subscribe to services like
> https://www.kb.cert.org/vuls/
> I just subscribed to the "National Cyber Awareness System Mailing Lists" (US
> gov); is someone else doing so?
> Weirdly, the EU has no such ML
> http://cert.europa.eu/cert/newsletter/fr/latest_Security%20Bulletins_.html
> (?) Only an RSS feed
> http://cert.europa.eu/cert/filteredition/en/CERTNewsFilter.html
>
> Jacques
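To make concrete what a "retire.js for Java libs" would have to do at minimum, here is an added example (not code from the thread, from OFBiz, or from retire.js): it identifies embedded jars by their file names, compares versions against an advisory table with affected ranges, and reports jars it cannot identify. The jar names and the advisory table are constructed for illustration; the `ADV-000x` identifiers and the artifact names are placeholders, not real advisories or real libraries.

```python
"""Toy jar inventory check: flag embedded libraries whose version falls inside
an advisory's affected range [introduced, fixed).

Added example for the mailing-list discussion above. All data below is
constructed: the artifact names and ADV-* identifiers are placeholders and do
not refer to real libraries or real vulnerabilities."""
import re
from typing import List, NamedTuple, Optional, Tuple

# "<artifact>-<version>.jar", e.g. acme-upload-1.2.1.jar or foo-core-2.4.3-SNAPSHOT.jar
JAR_RE = re.compile(
    r"^(?P<artifact>[A-Za-z][A-Za-z0-9_.]*(?:-[A-Za-z][A-Za-z0-9_.]*)*)"
    r"-(?P<version>\d[\w.\-]*)\.jar$"
)


def parse_jar_name(filename: str) -> Optional[Tuple[str, str]]:
    """Return (artifact, version) or None when the name carries no version."""
    m = JAR_RE.match(filename)
    return (m["artifact"], m["version"]) if m else None


def _version_parts(v: str) -> list:
    # Numeric segments become (1, int); qualifiers such as "beta" or "SNAPSHOT"
    # become (0, str) so that a pre-release sorts before the bare release.
    parts = []
    for p in re.split(r"[.\-]", v):
        parts.append((1, int(p)) if p.isdigit() else (0, p.lower()))
    return parts


def compare_versions(a: str, b: str) -> int:
    """-1, 0 or 1 like a comparator. "1.2" == "1.2.0"; "2.3.21-beta" < "2.3.21"."""
    pa, pb = _version_parts(a), _version_parts(b)
    n = max(len(pa), len(pb))
    pa += [(1, 0)] * (n - len(pa))  # pad missing segments with .0
    pb += [(1, 0)] * (n - len(pb))
    return (pa > pb) - (pa < pb)


class Advisory(NamedTuple):
    advisory_id: str        # placeholder id, constructed
    artifact: str
    introduced: str         # first affected version (inclusive)
    fixed: Optional[str]    # first fixed version (exclusive); None = no fix yet


def is_affected(version: str, adv: Advisory) -> bool:
    if compare_versions(version, adv.introduced) < 0:
        return False
    return adv.fixed is None or compare_versions(version, adv.fixed) < 0


def scan(jar_names: List[str], advisories: List[Advisory]):
    """Return (findings, unparsed): findings are (jar, advisory_id) pairs,
    unparsed are jars whose version could not be read from the file name."""
    findings, unparsed = [], []
    for name in jar_names:
        parsed = parse_jar_name(name)
        if parsed is None:
            unparsed.append(name)  # must be looked at by hand, not silently skipped
            continue
        artifact, version = parsed
        for adv in advisories:
            if adv.artifact == artifact and is_affected(version, adv):
                findings.append((name, adv.advisory_id))
    return findings, unparsed


# Constructed advisory table (placeholders, not real CVEs).
ADVISORIES = [
    Advisory("ADV-0001", "acme-upload", "1.0", "1.3"),
    Advisory("ADV-0002", "examplelib-core", "2.3.0", "2.3.21"),
    Advisory("ADV-0003", "examplelib-core", "2.4.0", None),
]

# Constructed inventory, as if listed from a lib/ directory.
SAMPLE_JARS = [
    "acme-upload-1.2.1.jar",
    "acme-upload-1.3.jar",                 # exactly the fixed version: clean
    "examplelib-core-2.3.20.jar",
    "examplelib-core-2.3.21-beta.jar",     # pre-release of the fix: still affected
    "examplelib-core-2.4.3-SNAPSHOT.jar",  # open advisory, no fix yet
    "somelib.jar",                         # no version in the name
]

if __name__ == "__main__":
    found, unknown = scan(SAMPLE_JARS, ADVISORIES)
    for jar, adv_id in found:
        print(f"AFFECTED  {jar}  ({adv_id})")
    for jar in unknown:
        print(f"UNKNOWN   {jar}  (no version in file name; check MANIFEST.MF)")
```

In a real setup the advisory table would be fed from one of the vulnerability sources mentioned in the thread rather than hand-written, and identifying a jar by its file name is the weak point: a renamed or repackaged jar is misidentified or ends up in the "unknown" list, so reading `Implementation-Version` from `META-INF/MANIFEST.MF` or hashing the jar would be the next step.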
