I notice earlier that it took CERT something like 15 days after microsoft posted a patch to send out a message warning about a buffer overflow in IE. About 10 years ago, sys admins all subscribed to CERT, because that was the first place to get news. Obviously, the way the internet runs now, 15 days after microsoft, means probably 30 days after the vuln is discovered. In that time, a lot of machines can be compromised.

I was just wondering where everyone went to get there most up to date security news. Is it the vendors sites, like microsoft and redhat? A security site like securityfocus? A maillist like bugtraq? Especially now that AO doesn't have News on the front page ;)

As much as I hate to admit it, Microsoft's Technet (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/Default.asp) seem to be faster than CERT these days. There is a subscription feature there and, like I said, they seem to be pretty timely. (a must for a Microsoft shop :D )


DjM

Is it the vendors sites, like microsoft and redhat? A security site like securityfocus? A maillist like bugtraq


yes... ;)

i never rely on any one site...i visit them all...(that are relevant...we don't run linux here) as well as all of the major AV software vendors...it's amazing how differently they all respond...

just book mark em and make it a rountine with your morning coffee...