top | item 30815276

(no title)

cors-fls | 3 years ago

Yes ! Computer Emergency Response Teams (CERT)[1] exist in most countries and publish security advisories as newsletters or RSS. e.g. CERT-EU security advisories [2]

But there are so many softwares and exploits that the signal to noise ratio is low if you are not in charge of a big IT infra.

[1] https://en.m.wikipedia.org/wiki/Computer_emergency_response_...

[2] https://cert.europa.eu/cert/newsletter/en/latest_SecurityBul...

discuss

gruez|3 years ago

>[2] https://cert.europa.eu/cert/newsletter/en/latest_SecurityBul...

I took a look and my first impressions are not good.

1. like you mentioned, the signal to noise ratio is pretty bad. eg. "OpenSSL/LibreSSL Vulnerability (CERT-EU Security Advisory 2022-017)" which is a DoS exploit that consumers would likely not care about. There's also no vendor/product filter, so I get notifications about "H2 Database Console" that I don't care about.

2. It's slow/out of date. eg. "Multiple Vulnerabilities in VMware (CERT-EU Security Advisory 2022-013)" was published on February 17, 2022, but the patch was published January 15th, a month earlier.

CiPHPerCoder|3 years ago

Yes, it's a firehose. I'm sure you can find a security vendor willing to offer a curated list somewhere.