On 2011/10/20, at 12:54, Daniel Brown wrote: > There are third-party sites that send out security alerts for > software such as PHP, and you can likely find them easily enough via > Google. Off the top of my head, none are coming to mind by name, but > I have subscribed to their mailings myself over the years, and found > them to be a pretty reliable resource --- some "underground" public > groups are particularly useful for zero-day vulnerabilities.
I've been on Bugtraq for years, and have found it to be very useful (if a bit noisy). It's heavily moderated, but there's still so much software out there that it can get a few dozen emails a day. <http://www.securityfocus.com/> about halfway down the page fill in your email address, and then check off the Bugtraq list in the bottom half. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php