[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Update Disclosure Sources List - Please Vote!



I have voted but also included a few more on the end….

Government Information Sources
  Must Have - US-CERT Advisories (aka CERT-CC Advisories)
  Must Have - US-CERT Vulnerability Notes (CERT-CC)
  Ignore - US-CERT Bulletins (aka Cyber-Notes)
  Ignore - DoD IAVAs
  Nice to Have - NISCC
  Nice to Have - AUS-CERT
  Ignore - CIAC (name has changed)


CNA Published Information
  All CNAs are a Must Have

Non-CNA Vendor Advisories
  All non-CNS vendor advisories are a Must Have


Mailing Lists & VDBs
  Must Have - Bugtraq
    Ignore - Vuln-Watch
    Ignore - VulnDev
  Nice to Have - Full Disclosure
    Ignore - Security Focus
    Ignore - Security Tracker
  Must Have - OSVDB
    Ignore - ISS X-Force
  Must Have - FRSIRT  (VUPEN)
  Must Have - Secunia
    Ignore - Packet Storm
    Ignore - SecuriTeam
    Ignore - SANS Mailing List (Qualys)
    Ignore - Neohapsis (Security Threat Watch)
  Must Have - Metasploit
  Nice to Have - Snort
  Nice to Have - Contagiodump.blogspot.com
  Nice to Have - Oss-security

Non-OS venders should be included
Specifically Desktop products that are commonly seen in both corporate and consumer systems

Additions….

 1.  Must haves
    *   APSA / APSB - Adobe
 2.  Nice to have
    *   ZDI
    *   Exploit-DB
    *   MSVR – Microsoft Vulnerability Research Advisories
    *   iDefense
    *   cisco-sa-xxxxxxxx-xxx (Cisco Security Advisories)
    *   Htxxxx (Apple)
    *   VMSA (Vmware Security Advisories)
    *   CNVD (China National Vulnerability Database)
    *   Metasploit Module Ids

Kent Landfield
Director Content Strategy, Architecture and Standards

McAfee, Inc.
5000 Headquarters Dr.
Plano, Texas 75024

Direct: +1.972.963.7096
Mobile: +1.817.637.8026
Web: www.mcafee.com<http://www.mcafee.com/>



Page Last Updated or Reviewed: November 06, 2012