Public Announcement Resources for Vulnerabilities

Vulnerabilities are generally made public through different announcement systems such as security web mails, source code updates. As such there are a range of service providers that need to be monitored to cover the broad range of tools deployed. Below are a list of must monitor tools.

OpenBSD Mailing Lists (misc, tech, cvs)

The mailing lists is the public forum where OpenBSD developers get together with the interested parties (you and me.) Fortunately the number of vulnerabilities in OpenBSD are rare and far between, but the mailing lists are a source of discussions, diagnosis and learning.

Services providing summaries of source code changes include’s SRC Tracker, which I use to provide a daily digest/snapshot for perusal.

Vulnerability Announcements

Vulnerability Announcements are generally recieved through vendors, but the expanse of activities on security, and products deployed on Windows ecosystem makes it more practical to keep track of vulnerabilities through various ‘industry’ watch groups / organisations.

The following feeds are a good start for monitoring various vulnerability announcements across a range of Operating Systems and Applications.

RSS/Atom Feeds: security.opml