Computer Security, Technology, Wireless Security

What Are The Best Vulnerability Disclosure Mailing Lists?

December 17, 2016

Function of Vulnerability Disclosure Mailing Lists

Vulnerability disclosure mailing lists are typically utilized for disclosing security vulnerabilities and can act as a platform for discussion pertaining to information security. These lists permit everyone subscribed to perceive the latest announced vulnerabilities. Occasionally, the vulnerabilities are not revealed to a vendor and hence are purely released to the public serving as a Zero Day. When this occurs, significant risks emerge when a Zero Day is recognized to malicious actors and a solution is not available. Vendors may not be given enough time by security researchers to patch a vulnerability prior to the researchers publishing it to the public. In such circumstances, you need to urgently update to the latest version of the concerned software as soon as a patch is released to curtail risks to your security infrastructure. Alternatively, refraining from using the affected software until a fix is released by the vendor is another way to minimize risks.

Below are the most eminent vulnerability disclosure mailing lists that you should subscribe to:

Full Disclosure

One of the most prominent security mailing lists is Full Disclosure. When you subscribe to this mailing list, you will receive notifications when vulnerabilities for numerous web applications and platforms are disclosed by security researchers. More significantly, this mailing list will also be the one where you could likely discover a Zero Day where the vendor has not been notified.

BugTraq

BugTraq is a renowned mailing list that was created in 1993 and now owned by Symantec. The list provides an amalgamated perspective of vulnerabilities. Thus, it is unnecessary to search for individual vendor announcements manually. A majority of the latest vulnerabilities are conferred with this mailing list. Subscribing can be done by sending an email to [email protected]

US-CERT

The US-CERT has been reacting to security occurrences and disclosing vulnerability details subsequently the Morris Worm spread during the mid-1980s. The US-CERT (United States Computer Emergency Readiness Team) has four mailing lists that you can choose from. The first is Alerts which are the security disclosures. Bulletins are the second option that consists of weekly vulnerability summaries accompanied by patch information when available. Tips offer advice concerning general security issues. Lastly, Current Activity refers to current information regarding potent forms of security occurrences impacting the general public. At the minimum, subscribing to Bulletins will benefit your security awareness since the information delivered weekly reveals fresh vulnerabilities which are categorized as high, medium, or low within separate charts based on their base score derived from the Common Vulnerability Scoring System (CVSS).

Sunny Hoi is the very definition of an unprecedented individual, ceaselessly instituting the standards of excellence. He is a Canadian security blogger, information security professional, author, entrepreneur, Unix/Linux enthusiast, occasional comedian, down-to-earth guy, and lifelong student from Vancouver, B.C. He currently resides in Toronto, Ontario. His passions include information security, cyber security, coding, penetration testing, system administration, intrusion detection, log analysis, music, books, fitness, Law, Computer Science, Criminology, Sociology, and Psychology. A genuine triple threat, Sunny is known for his keen intellectual ability, superior IT expertise, and exceptional writing prowess. His ability to dedicate himself in accomplishing a given task after one another successfully with consistency and precision marks him a force to be reckoned with. Writing is one of the cornerstones situated within life that he truly excels at. The hidden gem of his musical talent shocks those who discover it. As a person who grew up with computers, Sunny is brilliant in utilizing Unix-based operating systems. His ability to transition to different Linux distributions, BSD systems, or run his all time favorite Solaris OS poses no difficulty for him at all. His extensive computer programming knowledge and vast IT security mastery illustrate him as the quintessential IT guy.

You Might Also Like

Improving Your IT Department Through Certification

April 14, 2017

Before You Guest Post: What You Need To Know

April 11, 2017

4 Tips On How To Monetize Your Blog

April 19, 2017
  • Frank

    I have been surfing online for more than three hours today and stumbled across your blog. In all those hours spent, I haven’t found any captivating articles like yours. Your content is incredible!

    Because of you, my understanding of computer security has increased drastically. I never knew that Google DNS servers could be utilized as protection for personal banking online and that you could prevent cloud WAF bypass by blocking HTTP access while still allowing legitimate web traffic to pass through it.

    If all bloggers produced excellent content like you did, the internet would be much more useful than ever before!

    Thank you,

    Frank

    • Sunny Hoi

      Hey, Frank! 🙂

      Thank you for the kind words. 😎 I’m grateful that you do not merely find my blog fascinating, but also enlightening as well.

      Best,

      Sunny

Back to top
%d bloggers like this: