UCSF IT Security maintains two listservs to communicate common security updates and vulnerability notifications to everyone with IT Security responsibilities: SEC-AUTO and SECURITY-UPDATE.

Individuals with IT job codes are automatically added to the SEC-AUTO listserv. Regardless of their job title, due to their responsibilities, all Unit Information Security Leads that are not on the SEC-AUTO listserv must subscribe to the SECURITY-UPDATE listserv. 

Steps to subscribe to a listserv are available at Subscribe to a Listserv. 

Note that for applications installed outside of central UCSF IT support, per UC policy IS-3 section 12.6, the Unit (e.g., department) is responsible for the software updates. Installing applications means that the Unit is taking on the responsibility of ensuring those applications are kept up to date, either by completing the updates themselves or by working with UCSF IT to coordinate that effort.

Additional Information

UC BFB-IS-3: Information Security (section 12.6)