Menu
At my company, we are trying to stay abreast of security alerts and notifications in a more consistent fashion. We are using a large number of Java libraries for our projects, and would like to be notified if there are security updates for those libraries. I have spent some time trying to find security lists, but to no avail. This could be because I do not know the proper search terms (possible), or because I don't know where to look (also possible). It could also be because they don't exist.
The types of Libraries are things like Jetty, Hibernate, some of the Apache group, and the like. Does anyone know if there is a centralized place for these alerts to collect? Are there groups that specifically focus on sending out security alerts that are noticed in different products? I am pretty new at looking for this stuff, and not really sure where to go at this point.
731
Most vulnerabilities tend to get announced on mailing lists like the Bugtraq which is hosted by SecurityFocus. You'll find a separate mailing list for Open Source projects, although most vulnerabilities aren't discussed here, and neither are a lot of disclosures.
You'll also find MITRE-CVE and OSVDB as useful sources. So is the case with your country's CERT, although in most cases you'll find that the alerts issued by US-CERT are sufficient enough to follow.
115
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
