On Sun, Mar 18, 2012 at 10:18 PM, Cameron Beere <[email protected]>wrote:
> Personally I subscribe to a few mailing lists like Bugtraq, and comb tech > oriented sites like Hacker News, but I'm sure that valuable information is > still slipping through. Is there a better way to do it? Are there any > mailing lists/websites/sources which cover the whole gamut of tech that > we might use, or paid services which can provide this information across > multiple vendors? Are there even any vendor specific mailing lists which > you consider an authoritative source for information like this? > I subscribe to the security-announce lists for specific products I'm interested in, like Red Hat's enterprise-watch-list [1], debian-security-announce [2], and puppet-announce [3]. Those emails land in my Inbox because I consider them important and authoritative, a Gmail filter applies a label to them, and I Archive them after reviewing. If you live in a Windows world, Microsoft has security lists too [4]. For software not included in the OS distro, and where the developer doesn't have a security-announce list, I subscribe to a general security list, Secunia Advisories [5] has worked well for me. The general lists are very high volume, I have a filter to Archive all the messages that don't match specific product strings, so only messages I care about land in my Inbox. I think SourceNinja [6] looks like a good idea, but it's invite only right now. You tell them the software you use, and they alert you when there are updates including to libraries that are dependencies. [1] http://www.redhat.com/mailman/listinfo/enterprise-watch-list [2] http://lists.debian.org/debian-security-announce/ [3] http://groups.google.com/group/puppet-announce [4] http://technet.microsoft.com/en-us/security/dd252948 [5] http://secunia.com/advisories/secunia_security_advisories/ [6] http://www.sourceninja.com/ -Anton
_______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
