Re: Patches

[Bob Doyle <bobdoyle () KELLOGG NORTHWESTERN EDU>]

Someone appears to tweet every Secunia vulnerability notice on the Unofficial Secunia twitter account 
(@secuniadvisory): https://twitter.com/secuniadvisory

Secunia advisories provide a lot of useful info that goes beyond a list of patches, and this does appear accurate even 
though it's not official.

------------------------
Bob Doyle
Senior Data Security Analyst
Kellogg School of Management
Northwestern University
T 847-467-5984

-----Original Message-----
From: Brad Judy [mailto:win-hied () BRADJUDY COM] 
Sent: Friday, January 11, 2013 9:55 AM
Subject: Re: Patches

It depends on what you mean by "all software patch announcements".  Places like CERT only announce very critical items 
for major applications/platforms.  They are great if you want to stay aware of the biggest issues.  

Secunia is one of the best comprehensive listings
(http://secunia.com/community/advisories/historic/) but you're looking at
10-20 per day as they cover a large range of software and severities.  

I think the best plan is an RSS aggregator linked to each of the feeds from your critical vendors to ensure you get the 
direct reports, plus something like CERT to highlight really critical things.  Of course, this is coming from someone 
with 60-70 security related RSS feeds in his reader, YMMV.  

As mentioned, a daily summary email is one of the useful services that is part of the REN-ISAC.

Brad Judy

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Daniel 
Bennett
Sent: Friday, January 11, 2013 8:03 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Patches

Does anyone on this list know of a RSS feed or web site that consolidates all software patch announcements (product, 
release date, issues fixed) into a one stop shop?