Public Announcement Resources for Vulnerabilities

Vulnerabilities are generally made public through different announcement systems, such as security web mails and source code updates. As such, there is a range of service providers that need to be monitored to cover the broad range of tools deployed. Below is a list of must-monitor tools.

  • OpenBSD Mailing Lists (misc, tech, cvs)
  • Vulnerability Announcements

OpenBSD Mailing Lists (misc, tech, cvs)

The mailing lists are the public forum where OpenBSD developers get together with the interested parties (you and me). Fortunately, vulnerabilities in OpenBSD are few and far between, but the mailing lists are a source of discussion, diagnosis and learning.

Services providing summaries of source code changes include Squish.net's SRC Tracker, which I use to provide a daily digest/snapshot for perusal.

Vulnerability Announcements

Vulnerability announcements are generally received through vendors, but the expanse of security activity, and of products deployed on the Windows ecosystem, makes it more practical to keep track of vulnerabilities through various 'industry' watch groups / organisations.

The following feeds are a good start for monitoring various vulnerability announcements across a range of Operating Systems and Applications.

RSS/Atom Feeds: security.opml

<opml version="1.1">
  <head>
    <title>FeedDemon Subscriptions</title>
    <dateModified>Mon, 17 Aug 2009 01:10:03 GMT</dateModified>
  </head>
  <body>
    <outline text="Security">
      <outline text="Security Thoughts" title="Security Thoughts" type="rss" xmlUrl="http://feeds.feedburner.com/SecurityThoughts" htmlUrl="http://securethink.blogspot.com/" description="A blog dedicated to thoughts about Information Security."/>
      <outline text="Help Net Security - News" title="Help Net Security - News" type="rss" xmlUrl="http://feeds2.feedburner.com/HelpNetSecurity" htmlUrl="http://www.net-security.org"/>
      <outline text="Got the NAC by Steve Hanna" title="Got the NAC by Steve Hanna" type="rss" xmlUrl="http://feeds.feedburner.com/GotTheNac" htmlUrl="http://forums.juniper.net/jnet/tracker" description="SteveHanna Tracker"/>
      <outline text="Robert Penz Blog" title="Robert Penz Blog" type="rss" xmlUrl="http://feeds.feedburner.com/RobertPenzBlog" htmlUrl="http://robert.penz.name" description="About Linux, IT security,&#xA;tips and tricks and other&#xA;stuff that comes into my mind"/>
      <outline text="Packet Storm Security Headlines" title="Packet Storm Security Headlines" type="rss" xmlUrl="http://packetstormsecurity.org/headlines.xml" htmlUrl="http://packetstormsecurity.org/"/>
      <outline text="US-CERT Recently Published Vulnerability Notes" title="US-CERT Recently Published Vulnerability Notes" type="rss" xmlUrl="http://www.kb.cert.org/vuls/atomfeed?OpenView&amp;start=1&amp;count=30" htmlUrl="http://www.kb.cert.org/vuls/" description="US-CERT publishes information on a wide variety of vulnerabilities. Descriptions of these vulnerabilities are available from this web page in a searchable database format, and are published as &quot;US-CERT Vulnerability Notes&quot;. The notes are very similar to alerts, but they may have less complete information. In particular, solutions may not be available for all the vulnerabilities in this database."/>
      <outline text="US-CERT Current Activity" title="US-CERT Current Activity" type="rss" xmlUrl="http://www.us-cert.gov/current/index.atom" htmlUrl="http://www.us-cert.gov/current"/>
      <outline text="Zero in a bit" title="Zero in a bit" type="rss" xmlUrl="http://feeds.feedburner.com/ZeroInABit" htmlUrl="http://www.veracode.com/blog" description="Application security testing, analysis, and metrics"/>
      <outline text="Cisco: Latest Security News" title="Cisco: Latest Security News" type="rss" xmlUrl="http://newsroom.cisco.com/data/syndication/rss2/news_at_cisco_5Security.xml" htmlUrl="http://newsroom.cisco.com/"/>
      <outline text="IceLock Blog" title="IceLock Blog" type="rss" xmlUrl="http://feeds.feedburner.com/IcelockBlog" htmlUrl="http://blog.hyblue.com" description="Simplifying Data Security"/>
      <outline text="SecurityFocus Vulnerabilities" title="SecurityFocus Vulnerabilities" type="rss" xmlUrl="http://www.securityfocus.com/rss/vulnerabilities.xml" htmlUrl="http://www.securityfocus.com"/>
      <outline text="Andy, ITGuy" title="Andy, ITGuy" type="rss" xmlUrl="http://feeds.feedburner.com/andyitguy" htmlUrl="http://www.andyitguy.com/blog" description="I am Security. Hear me ROAR!"/>
      <outline text="Google Online Security Blog" title="Google Online Security Blog" type="rss" xmlUrl="http://googleonlinesecurity.blogspot.com/atom.xml" htmlUrl="http://googleonlinesecurity.blogspot.com/"/>
      <outline text="securosis.com" title="securosis.com" type="rss" xmlUrl="http://feeds.feedburner.com/securosis" htmlUrl="http://securosis.com/blog/" description="Main Securosis Blog"/>
      <outline text="Srcasm" title="Srcasm" type="rss" xmlUrl="http://feeds.feedburner.com/srcasm" htmlUrl="http://srcasm.com" description="Common sense is not so common."/>
      <outline text="System Integrity" title="System Integrity" type="rss" xmlUrl="http://feeds.feedburner.com/SystemIntegrity" htmlUrl="http://infosecblog.antonaylward.com" description="System Integrity: Without Integrity you don't have Security"/>
      <outline text="Jeff Jones Security Blog" title="Jeff Jones Security Blog" type="rss" xmlUrl="http://feeds.feedburner.com/securityguy" htmlUrl="http://blogs.technet.com/security/default.aspx" description="Looking at Security from All Angles.  Security is not simple, so we should try not to simplify it to the point of uselessness.  "/>
      <outline text="Security Industry Soapbox" title="Security Industry Soapbox" type="rss" xmlUrl="http://feeds.feedburner.com/SecuritySoapbox" htmlUrl="http://preachsecurity.blogspot.com/" description="Security is evolving.  It's more than firewalls and anti-virus. With a wealth of hacking, cracking, 0day, and vulnerability buzz on the Internet - turn here to make sense of it all and put Security and Risk into perspective.&#xA;&lt;br&gt;&#xA;&quot;Sadly, better security is often driven by a poorly timed catastrophe.&quot;"/>
      <outline text="Cisco Security Advisories" title="Cisco Security Advisories" type="rss" xmlUrl="http://newsroom.cisco.com/data/syndication/rss2/SecurityAdvisories_20.xml" htmlUrl="http://www.cisco.com/en/US/products/products_security_advisories_listing.html"/>
      <outline text="US-CERT Technical Cyber Security Alerts" title="US-CERT Technical Cyber Security Alerts" type="rss" xmlUrl="http://www.us-cert.gov/channels/techalerts.rdf" htmlUrl="http://www.us-cert.gov/cas/techalerts/index.html" description="US-CERT Technical Cyber Security Alerts provide timely&#xA;information about current security issues, vulnerabilities, and&#xA;exploits."/>
      <outline text="Packet Storm Security Advisories" title="Packet Storm Security Advisories" type="rss" xmlUrl="http://packetstormsecurity.org/advisories.xml" htmlUrl="http://packetstormsecurity.org/"/>
      <outline text="Packet Storm Security Exploits" title="Packet Storm Security Exploits" type="rss" xmlUrl="http://packetstormsecurity.org/exploits.xml" htmlUrl="http://packetstormsecurity.org/"/>
      <outline text="netsec: what's new online" title="netsec: what's new online" type="rss" xmlUrl="http://www.reddit.com/r/netsec/.rss" htmlUrl="http://www.reddit.com/r/netsec/" description="A place to submit links for people who are interested in network security."/>
      <outline text="PCI Compliance Demystified" title="PCI Compliance Demystified" type="rss" xmlUrl="http://pcianswers.com/feed/" htmlUrl="http://chaordicmind.com/blog" description="Mixing childlike wonder with adultlike understanding"/>
      <outline text="threatpost" title="threatpost" type="rss" xmlUrl="http://www.threatpost.com/rss.xml" htmlUrl="http://www.threatpost.com"/>
      <outline text="spylogic.net" title="spylogic.net" type="rss" xmlUrl="http://feeds.feedburner.com/spylogic" htmlUrl="http://spylogic.net/" description="what secret is your computer hiding?"/>
    </outline>
  </body>
</opml>