Writing Information Security Policies

B.2. Other Incident Response Information

Other places to look for incidents are the services that monitor and disclose bugs in system software. Because many security problems are the result of exploiting bugs, it might be worth monitoring these sites and participating in their mailing lists.

Bugtraq—A mailing list tracking bugs from all sources.— http://www.security-focus.com
NT Bugtraq—Similar to Bugtraq except specific to the Windows NT operating system.— http://www.ntbugtraq.com
Common Vulnerabilities and Exposures (CVE)—CVE aspires to describe and name all publicly known facts about computer systems that could allow somebody to violate a reasonable security policy for that system.— http://cve.mitre.org

Get Writing Information Security Policies now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Writing Information Security Policies by Scott Barman

B.2. Other Incident Response Information

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly