Is there any service available where you simply list the services, programs and versions you use, and when some CVE comes out about it, you automatically get alerted? Also, is there any other place to look for this kind of information. Do some people release security vulnerabilities to other places than CVE? So in general, how do you guys keep up to date with what might be vulnerable in your infrastructure? Edit: Since I've been asked, we are a Unix shop with mostly Red Hat and some HP-UX. I would still prefer a high level solution which are OS independent. What happens if we use software versions which are not in the official repositories of Red Hat/HP/... or simply not supported by them.