Automate the process of looking for CVE (new vulnerabilities) related to our infrastructure
Posted
by
skinp
on Server Fault
See other posts from Server Fault
or by skinp
Published on 2011-02-17T22:48:14Z
Indexed on
2011/02/17
23:27 UTC
Read the original article
Hit count: 140
Is there any service available where you simply list the services, programs and versions you use, and when some CVE comes out about it, you automatically get alerted?
Also, is there any other place to look for this kind of information. Do some people release security vulnerabilities to other places than CVE?
So in general, how do you guys keep up to date with what might be vulnerable in your infrastructure?
Edit: Since I've been asked, we are a Unix shop with mostly Red Hat and some HP-UX. I would still prefer a high level solution which are OS independent. What happens if we use software versions which are not in the official repositories of Red Hat/HP/... or simply not supported by them.
© Server Fault or respective owner