What Are The Best Vulnerability Disclosure Mailing Lists?

December 17, 2016

Function of Vulnerability Disclosure Mailing Lists

Vulnerability disclosure mailing lists are typically used to disclose security vulnerabilities and can also serve as a platform for discussing information security. Everyone subscribed to these lists sees the latest announced vulnerabilities. Occasionally, a vulnerability is not reported to the vendor at all and is simply released to the public as a Zero Day. Significant risk arises when a Zero Day is known to malicious actors and no fix is available. Security researchers may also not give vendors enough time to patch a vulnerability before publishing it. In such circumstances, update to the latest version of the affected software as soon as a patch is released to limit the risk to your security infrastructure. Alternatively, refrain from using the affected software until the vendor releases a fix.

Below are the most eminent vulnerability disclosure mailing lists that you should subscribe to:

Full Disclosure

One of the most prominent security mailing lists is Full Disclosure. When you subscribe to this mailing list, you will receive notifications when security researchers disclose vulnerabilities in numerous web applications and platforms. More significantly, this is also the mailing list where you are likely to discover a Zero Day that the vendor has not been notified of.

BugTraq

BugTraq is a renowned mailing list that was created in 1993 and is now owned by Symantec. The list provides a consolidated view of vulnerabilities, so it is unnecessary to search for individual vendor announcements manually. A majority of the latest vulnerabilities are discussed on this mailing list. Subscribing can be done by sending an email to [email protected]

US-CERT

The US-CERT has been responding to security incidents and disclosing vulnerability details since the Morris Worm spread during the mid-1980s. The US-CERT (United States Computer Emergency Readiness Team) has four mailing lists that you can choose from. The first is Alerts, which are the security disclosures. The second is Bulletins, which consist of weekly vulnerability summaries accompanied by patch information when available. Tips offer advice on general security issues. Lastly, Current Activity provides current information about high-impact types of security incidents affecting the general public. At a minimum, subscribing to Bulletins will benefit your security awareness, since the weekly summaries list fresh vulnerabilities categorized as high, medium, or low in separate charts based on their base score under the Common Vulnerability Scoring System (CVSS).

  • Frank

    I have been surfing online for more than three hours today and stumbled across your blog. In all those hours spent, I haven’t found any captivating articles like yours. Your content is incredible!

    Because of you, my understanding of computer security has increased drastically. I never knew that Google DNS servers could be utilized as protection for personal banking online and that you could prevent cloud WAF bypass by blocking HTTP access while still allowing legitimate web traffic to pass through it.

    If all bloggers produced excellent content like you did, the internet would be much more useful than ever before!

    Thank you,

    Frank

    • Sunny Hoi

      Hey, Frank! 🙂

      Thank you for the kind words. 😎 I’m grateful that you do not merely find my blog fascinating, but also enlightening as well.

      Best,

      Sunny
