This
post will identify credible sources of information for IT threats,
vulnerabilities, updates, and security news in general. Included is list of
sources I consider to be credible, and why.
·
http://nvd.nist.gov/ - My #1 site for information on security vulnerabilities
is the National Vulnerability Database (the NVD is sponsored by Department of
Homeland Security - National Cyber Security Division/US-CERT and NIST). The NVD the U.S. government repository of
standards based vulnerability management data, using Security Content
Automation Protocol (SCAP). It covers
vulnerability management, security measurement, and compliance. Included are: security checklists, security
related software flaws, misconfigurations, and impact metrics.
·
http://cve.mitre.org/ - The Common
Vulnerabilities and Exposures (CVE) is international in scope and is free for
public use. The CVE is a large
dictionary of publicly known information security vulnerabilities and
exposures. The CVE can be used for
vulnerability management, patch management, vulnerability alerting, intrusion
detection, and much more.
·
http://www.symantec.com/security_response/
- who does security better than a company that earns it's bread and butter by
providing security solutions? The list
of threats, vulnerabilities, risks, and security news delivered by Symantec is
arguably near the top of the list; the list is constantly updated and is vast,
covering: spyware, adware, hack tools, joke programs, remote access, hoaxes, trackware,
the list goes on and on.
·
http://www.iss.net/threats/ThreatList.php
- A great list of current and relevant Internet threats and
vulnerabilities. Though the list is
geared towards showing how IBM ISS products & services can help protect
against the listed threats, it gives plenty of details on what the threats and
vulnerabilities are, what they do, and steps that can be taken to mitigate the
risk.
·
http://www.itsecdb.com/oval/
- The IT Security Database (ITSECDB) collects Open Vulnerability and Assessment
Language (OVAL) definitions from sources such as: Mitre, Red Hat, Suse, NVD,
Apache, etc. and provides a one-stop shop with easy to navigate web interface
to research a wide array of IT security related items such as patching, vulnerabilities,
and compliance checklists.
·
http://www.exploit-db.com/ - The Exploit
Database (EDB) is another great site to check out, at the time of typing this,
they have a total of 16,108 exploits archived.
This site is geared towards penetration testers, vulnerability
researchers, and security addicts. The
site also has blogs, papers, and a community who is apt to share
information. The site is run by the
folks at: http://www.offensive-security.com
·
Other good resources for security news
(a.k.a. the usual suspects):
o
http://news.cnet.com/security/
o
http://thehackernews.com/
o
http://www.securityfocus.com/
o
http://www.blackhat.com/
o
http://seclists.org/isn/
o
http://www.zdnet.com/topics/security
o
http://www.scmagazine.com/
o
http://www.nist.org/news.php
o
http://www.securityweek.com/
o
http://www.eweek.com/c/s/Security/
No comments:
Post a Comment