Vendor Alert Subscriptions
Apache, Debian Linux, Gentoo Linux, HP, Macromedia, Microsoft, NetBSD, OpenBSD, Oracle, Red Hat Linux
Vendor Releases
AIX, AIX Patches - Fixdist, Apache Web Server, Cisco, Citrix, Compaq, Debian GNU/Linux, Digital UNIX (Tru64), FreeBSD, FreeBSD Patches FTP Site
2000Trainers.com - Security Alerts
Offers advice, ratings and direct downloads to the most recent security patches, hotfixes, and service packs for server operating systems and applications.
Apache Week: Apache httpd 1.3 vulnerabilities
Includes an overview of published Apache 1.3.x security advisories and patches.
Apache Week: Apache httpd 2.0 vulnerabilities
Includes an overview of published security advisories and patches for Apache 2.0.X.
Bugtraq
Independent source for security vulnerabilities, alerts, and threats.
Center for Internet Security
Non-profit enterprise whose mission is to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls.
CERIAS - Center for Education and Research in Info
University center for multidisciplinary research and education in areas of information security. Provides hotlist covering all aspects of security.
CERT Coordination Center
Studies Internet security vulnerabilities, provides incident response services to sites that have been the victims of attack, publishes a variety of security alerts, researches security and survivability in wide-area-networked computing, and develops information to improve site security.
Citadel Security
Vulnerability remediation software which prevents networked machines that have been off the network for some time from gaining access until the software has applied necessary patches. Also offer policy management and automatic logoff tools.
Computer Incident Advisory Capability
CIAC publishes security bulletins and virus and hoax information. They provide computer security assistance to US Department of Energy (DOE) sites.
CVEbrowser
CVE browser is a Java Web search engine for the Mitre CVE vulnerability dictionary.
DeepSight
Fee based security alert service by Symantec.
igxglobal.com
Provides daily reports on new Internet, network and application vulnerabilities.
ISS X-Force
Security alerts, advisories, and alert summaries from ISS.
Open Source Vulnerability Database
Searchable database of vulnerabilities. Offers data for download in XML format as well as via website. Details of how to submit new vulnerabilities, database schema and FAQ.
Patch Management Forum
Mailing list facilitates networking and information exchange related to patch management: announcements, testing, verification, operations processes, and vulnerabilities.
PatchEasy
Patch management tool that helps secure systems by remotely managing service packs and hotfixes. Conduct research, take inventory, deploy updates and validate installations to networked machines.
Patchlink Corporation - Patch Management
Offers fully Internet-based, automated, cross-platform, enterprise security patch management software so IT administrators can assess and resolve security vulnerabilities across operating systems and applications.
PatchManagement.org
Mailing list dedicated to the discussion of patch management.
Secureroot Advisories Database
Listing of security advisories and warnings.
Security Corporation
Information on the latest security advisories, viruses, press releases, and whitepapers.
SecurityFocus: Bugtraq
Full disclosure computer security vulnerabilities feed.
SecurityMetrics Bulletin Service
Security Bulletins that are compiled from multiple leading sources and condensed to reduce your efforts in reviewing them regularly.
Sintelli Alert
Online service that notifies webmasters of new security vulnerabilities.
Threat Focus
Threat Focus Diligence provides customized 24/7 vulnerability and patch alerts for more than 1,000 products, giving IT and network managers the security information they need to protect their assets.
TruIntelligence
Actionable, risk oriented intelligence service from TruSecure Corporation.
US-CERT
Provides a mechanism that allows citizens, businesses, and other institutions to communicate directly with the United States government regarding cyber security information.