If you're reading this, you've no doubt also seen quite a lot of noise in the press during the past few months about how information about vulnerabilities is disseminated. And because most of the digital security attacks are launched against systems from Microsoft, it's no wonder that Microsoft is a major player in such noise. So on the one hand, you have Microsoft, which claims (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/columns/security/noarch.asp) that the problem is security researchers trying to pimp their consulting practices by finding obscure faults in a very complex code-base, writing sample code to exploit these vulnerabilities and then distributing that to the world under the guise of research.
And on the other hand, we have the security community, which claims that if they didn't find these problems, only the hackers would know about them, and if they didn't write sample code, Microsoft would deny the vulnerability was anything more than theoretical, and if they didn't distribute it to the world, Microsoft would have no incentive to patch their code.
Regardless of which of these arguments you subscribe to, one thing is certain: if you don't know about vulnerabilities, you can't protect yourself. So the important question for the system administrator is, "Where can I find out about vulnerabilities?"
The answer
Requires Free Membership to View
When you register, you’ll also receive targeted alerts from my team of editorial writers and independent industry experts with the latest news, tips, and advice to help you do your job more efficiently and effectively. Our goal is to keep you informed on the hottest topics and biggest challenges faced by IT professionals today working with desktop management and security technologies.
Margie Semilof, Editorial Director
to that is that it depends on how much you want to read. If you really want to stay in-the-know and on top of vulnerabilities as quickly as possible, my recommendation would be to join the email-lists at Securityfocus.com. There are lists there covering a multitude of subjects, non-Windows as well as Windows-related. These lists are also useful for asking questions and collaborating with others to find more detailed info and better solutions to problems as they are discovered.
You can find a list of email-lists here: http://www.securityfocus.org/cgi-bin/forums.pl.
If you're a Microsoft shop, and you want the information from the horse's mouth, so to speak, the email-list for you is Microsoft's security bulletin. You can subscribe to that here: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/notify.asp.
If you have the time, I'd actually suggest subscribing to both lists and comparing the information, in terms of quality, quantity and timeliness, for yourself.
Thomas Alexander Lancaster IV is a consultant and author with over ten years experience in the networking industry, focused on Internet infrastructure.
This was first published in March 2002
Join the conversationComment
Share
Comments
Results
Contribute to the conversation