Hello,
You are the subscriber of Security Basics, so do the same for Full Disclosure, and you'll get all you need. Guys report on vulnerabilities found in apps you've never heard about. I believe Full Disclosure is better than paid and biosed vendor service. I used it few a few years and 99% satisfied.

Mikhail Utin, CISSP

________________________________________
From: listbounce (at) securityfocus (dot) com [email concealed] [listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Steven Marco (Modern Compliance Solutions) [smarco (at) moderncompliancesolutions (dot) com [email concealed]]
Sent: Friday, January 20, 2012 11:38 AM
To: peenacolada69 (at) yahoo (dot) com [email concealed]; security-basics (at) securityfocus (dot) com [email concealed]
Subject: RE: Vulnerability Alerting Services

Hi,

As part of an overall Security Strategy, I would suggest you should register
with each vendor within scope and if they are credible, will supply you with
such alert in a timely order.

If you had a Compliance Risk Analysis performed, each patch update on your
servers, network devices should be included and alert you if there are any
out-of-date firmwares, Malware definitions, A/V engines and O/S security
patches/updates.

HP, Cisco are two companies that I know provide this information.

Otherwise have not heard of such a service - but is a great business idea.

Best regards,

Steven Marco, CISA, ITIL, HP SA
Modern Compliance Solutions
69 S 1200 E
Lindon, Utah 84042
801.770.1199 - Office
801.472.6371 - Cell
http://www.moderncompliancesolutions.com

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On
Behalf Of peenacolada69 (at) yahoo (dot) com [email concealed]
Sent: Wednesday, January 18, 2012 5:50 PM
To: security-basics (at) securityfocus (dot) com [email concealed]
Subject: Vulnerability Alerting Services

What are some vulnerability alerting services that people are using and
like? I am looking for a service that lets me specify the software/hardware
I have, and get email alerts about vulnerabilities. Also something not too
expensive.

I know there are free lists like SecurityFocus, SANS @risk, and US-CERT
alerts, but it seems like they cover mostly major software vendors, and I'm
guessing they may not be as targeted/comprehensive as a paid for service.

Thanks

CONFIDENTIALITY NOTICE: This email communication and any attachments may contain confidential
and privileged information for the use of the designated recipients named above. If you are
not the intended recipient, you are hereby notified that you have received this communication
in error and that any review, disclosure, dissemination, distribution or copying of it or its
contents is prohibited. If you have received this communication in error, please reply to the
sender immediately or by telephone at (617) 426-0600 and destroy all copies of this communication
and any attachments. For further information regarding Commonwealth Care Alliance's privacy policy,
please visit our Internet web site at http://www.commonwealthcare.org.

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]