RE: Vulnerability Alerting Services

["Mikhail A. Utin" <mutin () commonwealthcare org>]

Hello,
You are the subscriber of Security Basics, so do the same for Full Disclosure, and you'll get all you need. Guys report 
on vulnerabilities found in apps you've never heard about. I believe Full Disclosure is better than paid and biosed 
vendor service. I used it few a few years and 99% satisfied.

Mikhail Utin, CISSP

________________________________________
From: listbounce () securityfocus com [listbounce () securityfocus com] On Behalf Of Steven Marco (Modern Compliance 
Solutions) [smarco () moderncompliancesolutions com]
Sent: Friday, January 20, 2012 11:38 AM
To: peenacolada69 () yahoo com; security-basics () securityfocus com
Subject: RE: Vulnerability Alerting Services

Hi,

As part of an overall Security Strategy, I would suggest you should register
with each vendor within scope and if they are credible, will supply you with
such alert in a timely order.

If you had a Compliance Risk Analysis performed, each patch update on your
servers, network devices should be included and alert you if there are any
out-of-date firmwares, Malware definitions, A/V engines and O/S security
patches/updates.

HP, Cisco are two companies that I know provide this information.

Otherwise have not heard of such a service - but is a great business idea.

Best regards,

Steven Marco, CISA, ITIL, HP SA
Modern Compliance Solutions
69 S 1200 E
Lindon, Utah 84042
801.770.1199 - Office
801.472.6371 - Cell
http://www.moderncompliancesolutions.com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of peenacolada69 () yahoo com
Sent: Wednesday, January 18, 2012 5:50 PM
To: security-basics () securityfocus com
Subject: Vulnerability Alerting Services

What are some vulnerability alerting services that people are using and
like?  I am looking for a service that lets me specify the software/hardware
I have, and get email alerts about vulnerabilities.  Also something not too
expensive.

I know there are free lists like SecurityFocus, SANS @risk, and US-CERT
alerts, but it seems like they cover mostly major software vendors, and I'm
guessing they may not be as targeted/comprehensive as a paid for service.

Thanks

CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential 
and privileged information for the use of the designated recipients named above. If you are 
not the intended recipient, you are hereby notified that you have received this communication 
in error and that any review, disclosure, dissemination, distribution or copying of it or its 
contents is prohibited. If you have received this communication in error, please reply to the 
sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication 
and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy, 
please visit our Internet web site at http://www.commonwealthcare.org.


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------