I notice earlier that it took CERT something like 15 days after microsoft posted a patch to send out a message warning about a buffer overflow in IE. About 10 years ago, sys admins all subscribed to CERT, because that was the first place to get news. Obviously, the way the internet runs now, 15 days after microsoft, means probably 30 days after the vuln is discovered. In that time, a lot of machines can be compromised.

I was just wondering where everyone went to get there most up to date security news. Is it the vendors sites, like microsoft and redhat? A security site like securityfocus? A maillist like bugtraq? Especially now that AO doesn't have News on the front page