Like all Information Security professionals, I have my favorite feeds, blogs, and sites I visit for my security news. Before I conclude this blog I will share mine. However, where do you go for your intelligence related to threats and vulnerabilities? These would be the sources that give you the technical details, usually in a standard format that the subscribers have become accustomed to.
For vulnerabilities, since CVE (Common Vulnerabilities and Exposures) is the standard for tracking issues with software, every Information Security professional should subscribe to a source that disseminates new CVEs. One such source is the RSS feed from the National Vulnerability Database (http://nvd.nist.gov/). Although if you don’t have a lot of different operating systems and software applications, the volume may be too much to digest.
CERT (http://www.kb.cert.org/vuls/) also provides an RSS feed that will supply identified vulnerabilities. Another source our team uses is http://www.securityfocus.com/ and don’t forget http://www.us-cert.gov/ or http://securityfocus.com. Usually after a vulnerability has been identified for a system I oversee, other sources, such as the vendor’s website, will be reviewed for additional information. If the vulnerability looks like it may be high risk, don’t be afraid to question your customer representative from the company.
For general news and opinions of breaches, threats, and vulnerabilities I have several sites I visit daily (usually while I am eating lunch):
- Dark Reading (http://www.darkreading.com) – they cover a wide range of IT areas and have a good group of contributors
- SANS (http://www.sans.org/newsletters/) – their newsletter provides a high-level recap of the top security stories for the week
- InfoSec Island (http://www.infosecisland.com/) – a good collection of blogs. Pick a couple to follow
- Computer World has a Security Manager blog that is ghost written. Although not news, I do enjoy reading the issues this manager is having.
- PaulDotCom (http://www.pauldotcom.com) – I try to listen to their podcast every week as they have some very good guests and the staff is very knowledgeable. And I never miss John and his latest episode of Hack Naked TV. The site also has a ton of helpful technical information (yes, I may have saved the best for last)
~Skeeter