RE: Update Disclosure Sources List - Please Vote!
On Wed, 5 Oct 2011, Williams, James K wrote:

> http://www.webappsec.org/lists/websecurity/archive/
> Notes: mostly noise, but rare vuln disclosures do occur

In these cases, it may be more reasonable to depend on "inheriting" coverage from the other vuln DBs.

> http://www.linuxsecurity.com/
> Notes: Central resource for major linux vendors, but would be better to
> monitor vendor directly

I agree with that.

> http://www.immunityinc.com/ceu-index.shtml
> Notes: Regularly post fresh or zero day exploit info, but must have
> subscription

These then are "not public" and outside scope. Several years ago, we went through a phase where we tried to cover paid exploit packs e.g. from Evgeny or CANVAS, but there is so little public information that the risk of dupes seemed too high.

> http://aluigi.altervista.org/
> Notes: very prolific vuln researcher, worth monitoring directly due to
> volume

Luigi is getting extra attention these days because of his SCADA exploits.

> http://www.coresecurity.com/content/core-impact-pro-security-updates
> Notes: Occasionally post fresh or zero day exploit info, but must have
> subscription

CORE is one of a relatively small number of researcher CNAs (including Secunia) for their own advisories, so they should be "must have".

- Steve