
Where does one go to get security alert notifications?

At my company, we are trying to stay abreast of security alerts and notifications in a more consistent fashion. We are using a large number of Java libraries for our projects, and would like to be notified if there are security updates for those libraries. I have spent some time trying to find security lists, but to no avail. This could be because I do not know the proper search terms (possible), or because I don't know where to look (also possible). It could also be because they don't exist.

The types of libraries are things like Jetty, Hibernate, some of the Apache group, and the like. Does anyone know if there is a centralized place for these alerts to collect? Are there groups that specifically focus on sending out security alerts that are noticed in different products? I am pretty new at looking for this stuff, and not really sure where to go at this point.

aperkins asked Sep 20 '11 16:09



1 Answer

Most vulnerabilities tend to get announced on mailing lists like Bugtraq, which is hosted by SecurityFocus. You'll find a separate mailing list for Open Source projects, although most vulnerabilities aren't discussed here, and neither are a lot of disclosures.

You'll also find MITRE-CVE and OSVDB as useful sources. So is the case with your country's CERT, although in most cases you'll find that the alerts issued by US-CERT are sufficient enough to follow.

Vineet Reynolds answered Sep 28 '22 14:09
