Automate the process of looking for CVE (new vulnerabilities) related to our infrastructure

Posted by skinp on Server Fault See other posts from Server Fault or by skinp
Published on 2011-02-17T22:48:14Z Indexed on 2011/02/17 23:27 UTC
Read the original article Hit count: 140

Filed under:
|
|
|

Is there any service available where you simply list the services, programs and versions you use, and when some CVE comes out about it, you automatically get alerted?

Also, is there any other place to look for this kind of information. Do some people release security vulnerabilities to other places than CVE?

So in general, how do you guys keep up to date with what might be vulnerable in your infrastructure?

Edit: Since I've been asked, we are a Unix shop with mostly Red Hat and some HP-UX. I would still prefer a high level solution which are OS independent. What happens if we use software versions which are not in the official repositories of Red Hat/HP/... or simply not supported by them.

© Server Fault or respective owner

Related posts about unix

Related posts about watch