it.ucsf.edu

Vulnerability Information

Attackers exploit existing security vulnerabilities on systems to gain unauthorized access to systems and data. Vulnerabilities can either be of a technical nature, such as bugs in software or non-technical, e.g. a user discloses their password to an unauthorized person. Keeping on top of information security vulnerabilities is an essential component of information security. The following are some resources that Security & policy feels are useful in keeping on top of the ever changing information security landscape.

External Vulnerability Resources

  • SecurityFocus Vulnerabilities - The SecurityFocus group offers several useful vulnerability resources, including email lists such as BugTraq.
  • CERT - Organization devoted to information security, providing useful information.
  • REN-ISAC - Organization focusing on information security challenges facing educational institutions
  • SANS Top 20 - A resource that lists the top 20 information security vulnerabilities as collected by SANS (updated annually).