IDS mailing list archives

Signature development


From: <ravivsn () roc co in>
Date: Tue, 10 Jun 2003 22:35:02 +0530 (IST)


   Hi,
         Thank you for the great answers on my earlier subject:
         Help in evaluating IDS/IPS solutions. I got several emails
         to my mailbox directly too. Interestingly (to me), a good
         number of respondents asked me to look at inline_snort.

          Though we plan to resell the IDS solution, we will also
          be directly responsible for maintaining the IDS solution in
          our customer base. Our customers expect us to select the
          IDS vendor and provide security in a timely manner. The onus
          is on us to get the right IDS vendor and it is our responsibility
          to provide signatures in a timely manner. What it means is that
          my company needs to produce signatures at times, if the
          IDS vendor is slow to respond. In this context, some of the company
          management think that in the long run, having control over
          software and development of signatures is good for us. I
          don't want to bother you with these details, but what I find
          is that we need to be pro-active in providing new signatures
          for new exploits in a timely manner. In this context,
          I have the following questions.

         1. How do we get to know the new exploits? We found that
            www.cert.org provides advisories. We also found the
            www.securityfocus.com bugtraq list, which has exploit
            scripts/programs to some extent.
            Are there any other resources?

         2. These advisories have very high-level information on the
            exploit and patches from application vendors. But they
            don't have any information on the exact details of the exploit.

            To write the signatures, more information on the exploit
            is required, such as exploit details and attack scripts.
            Even if there is no script, detailed information on the
            exploit is required to write and test the signature.

            Where do I find this? Is there any list (commercial or free)
            to get this information?
            I tried to search cert.org and securityfocus.com for
            this info on the internet, but could not.
            Any information on this is greatly appreciated.



      Thanks and regards
       Ravi



