Welcome

Skeeter Spray is a blog for the common Information Security Professional. Why Skeeter Spray? See Post #1

Saturday, July 6, 2013

Vulnerability Sites ---- revisited

Several weeks ago I posted a list of sites and links where threat and vulnerability information can be gathered from.   Since then I have again had the privilege of running a number of scenarios through my threat process model and want to up you on the applicability of the links I provided.

My recent research confirmed the format of http://www.securityfocus.com where you can search via drop downs.  For example you select Cisco, then all Cisco products are presented and you can select the product in question.   If the product has versions, you may also select that.   I also visited the Cisco website to search for vulnerabilities on their Nexus 7000, although several showed up, the site doesn’t tell you directly that a fix has been released.  

http://web.nvd.nist.gov  also served me well, but you must know exactly what you want to search for vs. the menu options of the securityfocus site.

For operating systems, such as Windows 2008, the NVD site works very well for searching.  It will list all the vulnerabilities and provide a link to the vendors site, in this case to Microsoft Technet and the 2008 security bulletin.

For other situations such as VMware ESXi or a Belkin router, I would continue to use the NVD site to search for vulnerabilities and visit the vendor site if more information was needed regarding patch status.

Until next time…
~Skeeter