Educause Security Discussion mailing list archives

Re: Patches

From: Brad Judy <win-hied () BRADJUDY COM>
Date: Fri, 11 Jan 2013 08:55:13 -0700

It depends on what you mean by "all software patch announcements".  Places
like CERT only announce very critical items for major
applications/platforms.  They are great if you want to stay aware of the
biggest issues.  

Secunia is one of the best comprehensive listings
(http://secunia.com/community/advisories/historic/) but you're looking at
10-20 per day as they cover a large range of software and severities.  

I think the best plan is an RSS aggregator linked to each of the feeds from
your critical vendors to ensure you get the direct reports, plus something
like CERT to highlight really critical things.  Of course, this is coming
from someone with 60-70 security related RSS feeds in his reader, YMMV.  

As mentioned, a daily summary email is one of the useful services that is
part of the REN-ISAC.

Brad Judy

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Daniel Bennett
Sent: Friday, January 11, 2013 8:03 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Patches

Does anyone on this list know of a RSS feed or web site that consolidates
all software patch announcements (product, release date, issues fixed) into
a one stop shop?

Current thread:

Patches Daniel Bennett (Jan 11)
- Re: Patches King, Ronald A. (Jan 11)
- Re: Patches Russ Leathe (Jan 11)
  - Re: Patches mccalluq (Jan 11)
- Re: Patches Brad Judy (Jan 11)
- <Possible follow-ups>
- Re: Patches Bob Doyle (Jan 15)