Thursday, June 14, 2012

Sources for IT Security News, Threats, Vulnerabilities and Updates



This post will identify credible sources of information for IT threats, vulnerabilities, updates, and security news in general. Included is list of sources I consider to be credible, and why.



·         http://nvd.nist.gov/ -  My #1 site for information on security vulnerabilities is the National Vulnerability Database (the NVD is sponsored by Department of Homeland Security - National Cyber Security Division/US-CERT and NIST).  The NVD the U.S. government repository of standards based vulnerability management data, using Security Content Automation Protocol (SCAP).  It covers vulnerability management, security measurement, and compliance.  Included are: security checklists, security related software flaws, misconfigurations, and impact metrics.



·         http://cve.mitre.org/ - The Common Vulnerabilities and Exposures (CVE) is international in scope and is free for public use.  The CVE is a large dictionary of publicly known information security vulnerabilities and exposures.  The CVE can be used for vulnerability management, patch management, vulnerability alerting, intrusion detection, and much more.    



·         http://www.symantec.com/security_response/ - who does security better than a company that earns it's bread and butter by providing security solutions?  The list of threats, vulnerabilities, risks, and security news delivered by Symantec is arguably near the top of the list; the list is constantly updated and is vast, covering: spyware, adware, hack tools, joke programs, remote access, hoaxes, trackware, the list goes on and on.



·         http://www.iss.net/threats/ThreatList.php - A great list of current and relevant Internet threats and vulnerabilities.  Though the list is geared towards showing how IBM ISS products & services can help protect against the listed threats, it gives plenty of details on what the threats and vulnerabilities are, what they do, and steps that can be taken to mitigate the risk.



·          http://www.itsecdb.com/oval/ - The IT Security Database (ITSECDB) collects Open Vulnerability and Assessment Language (OVAL) definitions from sources such as: Mitre, Red Hat, Suse, NVD, Apache, etc. and provides a one-stop shop with easy to navigate web interface to research a wide array of IT security related items such as patching, vulnerabilities, and compliance checklists.



·         http://www.exploit-db.com/ - The Exploit Database (EDB) is another great site to check out, at the time of typing this, they have a total of 16,108 exploits archived.  This site is geared towards penetration testers, vulnerability researchers, and security addicts.  The site also has blogs, papers, and a community who is apt to share information.  The site is run by the folks at: http://www.offensive-security.com



·         Other good resources for security news (a.k.a. the usual suspects):

o   http://news.cnet.com/security/

o   http://thehackernews.com/

o   http://www.securityfocus.com/

o   http://www.blackhat.com/

o   http://seclists.org/isn/

o   http://www.zdnet.com/topics/security

o   http://www.scmagazine.com/

o   http://www.nist.org/news.php

o   http://www.securityweek.com/

o   http://www.eweek.com/c/s/Security/

No comments:

Post a Comment