Skeeter Spray is a blog for the common Information Security Professional. Why Skeeter Spray? See Post #1

Sunday, June 16, 2013

Threats, Vulnerabilities, and News… where do you get your information?

Like all Information Security professionals, I have my favorite feeds, blogs, and sites I visit for my security news. Before I conclude this blog I will share mine. However, where do you go for your intelligence related to threats and vulnerabilities? These would be the sources that give you the technical details, usually in a standard format that the subscribers have become accustomed to.

For vulnerabilities, since CVE (Common Vulnerabilities and Exposures) is the standard for tracking issues with software, every Information Security professional should subscribe to a source that disseminates new CVEs. One such source is the RSS feed from the National Vulnerability Database (http://nvd.nist.gov/). However, if you don’t have a lot of different operating systems and software applications, the volume may be too much to digest.

CERT (http://www.kb.cert.org/vuls/) also provides an RSS feed that will supply identified vulnerabilities. Another source our team uses is http://www.securityfocus.com/, and don’t forget http://www.us-cert.gov/. Usually after a vulnerability has been identified for a system I oversee, other sources, such as the vendor’s website, will be reviewed for additional information. If the vulnerability looks like it may be high risk, don’t be afraid to question your customer representative from the company.

For general news and opinions on breaches, threats, and vulnerabilities, I have several sites I visit daily (usually while I am eating lunch):

  • Dark Reading (http://www.darkreading.com) – they cover a wide range of IT areas and have a good group of contributors
  • SANS (http://www.sans.org/newsletters/) – their newsletter provides a high-level recap of the top security stories for the week
  • InfoSec Island (http://www.infosecisland.com/) – a good collection of blogs. Pick a couple to follow
  • Computer World has a Security Manager blog that is ghostwritten. Although not news, I do enjoy reading about the issues this manager is having.
  • PaulDotCom (http://www.pauldotcom.com) – I try to listen to their podcast every week, as they have some very good guests and the staff is very knowledgeable. And I never miss John and his latest episode of Hack Naked TV. The site also has a ton of helpful technical information (yes, I may have saved the best for last).

Once you find a couple of good sites, share them with another Information Security professional. I am sure they will share a new site with you.

