| CERIAS: Center for Education and Research in Information Assurance and Security. University center for multidisciplinary research and education in areas of information security. |
| US-CERT: Established in 2003 to protect the nation's Internet infrastructure, US-CERT coordinates defense against and responses to cyber attacks across the nation. |
| Apache HTTP Server Vulnerability Lists: Lists of security problems fixed in released versions of the Apache HTTP Server. |
| AusCERT: Australian Computer Emergency Response Team. Advisories and tools. |
| Bugtraq: Independent source for security vulnerabilities, alerts, and threats. |
| Center for Internet Security: Non-profit enterprise whose mission is to help organizations reduce the risk of business and e-commerce disruptions resulting from inadequate technical security controls. |
| CERT Coordination Center: Studies Internet security vulnerabilities, provides incident response services to sites that have been the victims of attack, publishes a variety of security alerts, researches security and survivability in wide-area-networked computing, and develops information to improve site security. |
| Citadel Security Software: Software vendor for vulnerability remediation. |
| Computer Incident Advisory Capability: CIAC publishes security bulletins and virus and hoax information. They provide computer security assistance to US Department of Energy (DOE) sites. |
| eVuln: Original source of responsible open source vulnerability research. |
| ISS X-Force: Security alerts, advisories, and alert summaries from ISS. |
| Makesecure.com: Network security news, alerts and updates |
| Microsoft Security Assessment: A software vendor that provides their own online security assessment. Good for home users. |
| Open Source Vulnerability Database: Searchable database of vulnerabilities. Offers data for download in XML format as well as via website. Details of how to submit new vulnerabilities, database schema and FAQ. |
| Oracle Security Center: Tips, tools, and technologies to keep Oracle products safe, secure, and patched. |
| Patch Management Forum: Mailing list facilitates networking and information exchange related to patch management: announcements, testing, verification, operations processes, and vulnerabilities. |
| PatchAdvisor: Fee based patch alert service. |
| PatchEasy: Software vendor for patch management. |
| Patchlink Corporation: Software vendor for cross platform patch management. |
| PatchManagement.org: Mailing list dedicated to the discussion of patch management. |
| SANS Internet Storm Center: Cooperative cyber threat monitor and alert system. Features daily handler diaries that summarize and analyze new threats and events. |
| Secunia: Provides security advisories and information about patches, and provides software for vulnerability management. |
| Secure Elements: Software vendor for compliance and vulnerability management. Provides advisories via XML and RSS, and fully supports OVAL and XCDDF XML standards for compliance and vulnerability functions. |
| SecurityMetrics Bulletin Service: Security Bulletins that are compiled from multiple leading sources and condensed to reduce your efforts in reviewing them regularly. |
| St Benard: Software vendor for patch management of operating systems and applications. |
| Symantec DeepSight Threat Management System: Fee based security alert service that provides early warning of active attacks. |
| VulnWatch: Computer security vulnerability disclosure mailing list |
Classical
