CERIAS:Center for Education and Research in Information Assurance and Security. University center for multidisciplinary research and education in areas of information security.
US-CERT:Established in 2003 to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation.
Apache HTTP Server Vulnerability Lists: Lists of security problems fixed in released versions of the Apache HTTP Server.
AusCERT: Australian Computer Emergency Response Team. Advisories and tools.
Bugtraq: Independent source for security vulnerabilities, alerts, and threats.
Center for Internet Security: Non-profit enterprise whose mission is to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls.
CERT Coordination Center: Studies Internet security vulnerabilities, provides incident response services to sites that have been the victims of attack, publishes a variety of security alerts, researches security and survivability in wide-area-networked computing, and develops information to improve site security.
Citadel Security Software: Software vendor for vulnerability remediation.
Computer Incident Advisory Capability: CIAC publishes security bulletins and virus and hoax information. They provide computer security assistance to US Department of Energy (DOE) sites.
eVuln: Original source of responsible open source vulnerability research.
ISS X-Force: Security alerts, advisories, and alert summaries from ISS.
Makesecure.com: Network security news, alerts and updates
Microsoft Security Assessment: A software vendor that provides their own online security assessment. Good for home users.
Open Source Vulnerability Database: Searchable database of vulnerabilities. Offers data for download in XML format as well as via website. Details of how to submit new vulnerabilities, database schema and FAQ.
Oracle Security Center: Tips, tools, and technologies to keep Oracle products safe, secure, and patched.
Patch Management Forum: Mailing list facilitates networking and information exchange related to patch management: announcements, testing, verification, operations processes, and vulnerabilities.
PatchAdvisor: Fee based patch alert service.
PatchEasy: Software vendor for patch management.
Patchlink Corporation: Software vendor for cross platform patch management.
PatchManagement.org: Mailing list dedicated to the discussion of patch management.
SANS Internet Storm Center: Cooperative cyber threat monitor and alert system. Features daily handler diaries that summarize and analyze new threats and events.
Secunia: Provides security advisories and information about patches, and provides software for vulnerability management.
Secure Elements: Software vendor for compliance and vulnerability management. Provides advisories via XML and RSS, and fully supports OVAL and XCDDF XML standards for compliance and vulnerability functions.
SecurityMetrics Bulletin Service: Security Bulletins that are compiled from multiple leading sources and condensed to reduce your efforts in reviewing them regularly.
St Benard: Software vendor for patch management of operating systems and applications.
Symantec DeepSight Threat Management System: Fee based security alert service that provides early warning of active attacks.
VulnWatch: Computer security vulnerability disclosure mailing list