My recent research confirmed the format of http://www.securityfocus.com where you
can search via drop downs. For example
you select Cisco, then all Cisco products are presented and you can select the
product in question. If the product has
versions, you may also select that. I
also visited the Cisco website to search for vulnerabilities on their Nexus
7000, although several showed up, the site doesn’t tell you directly that a fix
has been released.
http://web.nvd.nist.gov
also served me well, but you must know
exactly what you want to search for vs. the menu options of the securityfocus
site.
For operating systems, such as Windows 2008, the NVD site
works very well for searching. It will
list all the vulnerabilities and provide a link to the vendors site, in this
case to Microsoft Technet and the 2008 security bulletin.
For other situations such as VMware ESXi or a Belkin
router, I would continue to use the NVD site to search for vulnerabilities and
visit the vendor site if more information was needed regarding patch status.
Until next time…
~Skeeter