Attackers exploit existing security vulnerabilities on systems to gain unauthorized access to systems and data. Vulnerabilities can either be of a technical nature, such as bugs in software or non-technical, e.g. a user discloses their password to an unauthorized person. Keeping on top of information security vulnerabilities is an essential component of information security. The following are some resources that Security & policy feels are useful in keeping on top of the ever changing information security landscape.
External Vulnerability Resources
- SecurityFocus Vulnerabilities - The SecurityFocus group offers several useful vulnerability resources, including email lists such as BugTraq.
- CERT - Organization devoted to information security, providing useful information.
- REN-ISAC - Organization focusing on information security challenges facing educational institutions
- SANS Top 20 - A resource that lists the top 20 information security vulnerabilities as collected by SANS (updated annually).