<HTML ><HEAD ><TITLE >Other Sources of Security Information</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="Secure Programming for Linux and Unix HOWTO" HREF="index.html"><LINK REL="UP" TITLE="Background" HREF="background.html"><LINK REL="PREVIOUS" TITLE="Sources of Design and Implementation Guidelines" HREF="sources-of-guidelines.html"><LINK REL="NEXT" TITLE="Document Conventions" HREF="conventions.html"></HEAD ><BODY CLASS="SECT1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Secure Programming for Linux and Unix HOWTO</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="sources-of-guidelines.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" >Chapter 2. Background</TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="conventions.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="OTHER-SOURCES" ></A >2.9. Other Sources of Security Information</H1 ><P >There are a vast number of web sites and mailing lists dedicated to security issues. Here are some other sources of security information: <P ></P ><UL ><LI ><P ><A HREF="http://www.securityfocus.com" TARGET="_top" >Securityfocus.com</A > has a wealth of general security-related news and information, and hosts a number of security-related mailing lists. See their website for information on how to subscribe and view their archives. A few of the most relevant mailing lists on SecurityFocus are: <P ></P ><UL ><LI ><P >The ``Bugtraq'' mailing list is, as noted above, a ``full disclosure moderated mailing list for the detailed discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them.''</P ></LI ><LI ><P >The ``secprog'' mailing list is a moderated mailing list for the discussion of secure software development methodologies and techniques. I specifically monitor this list, and I coordinate with its moderator to ensure that resolutions reached in SECPROG (if I agree with them) are incorporated into this document.</P ></LI ><LI ><P >The ``vuln-dev'' mailing list discusses potential or undeveloped holes.</P ></LI ></UL ></P ></LI ><LI ><P >IBM's ``developerWorks: Security'' has a library of interesting articles. You can learn more from <A HREF="http://www.ibm.com/developer/security" TARGET="_top" >http://www.ibm.com/developer/security</A >.</P ></LI ><LI ><P >For Linux-specific security information, a good source is <A HREF="http://www.linuxsecurity.com" TARGET="_top" >LinuxSecurity.com</A >. If you're interested in auditing Linux code, places to see include the <A HREF="http://www.linuxhelp.org/lsap.shtml" TARGET="_top" >Linux Security-Audit Project FAQ</A > and <A HREF="http://www.lkap.org" TARGET="_top" >Linux Kernel Auditing Project</A > are dedicated to auditing Linux code for security issues.</P ></LI ></UL > Of course, if you're securing specific systems, you should sign up to their security mailing lists (e.g., Microsoft's, Red Hat's, etc.) so you can be warned of any security updates.</P ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="sources-of-guidelines.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="conventions.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >Sources of Design and Implementation Guidelines</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="background.html" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >Document Conventions</TD ></TR ></TABLE ></DIV ></BODY ></HTML >