Mailing list provided by my distro. https://lists.debian.org/debian-security-announce/
You just made me look for my distro's security list, I never even thought of that!
Fediverse and RSS mostly.
I tend to find out about vulnerabilities before they hit the news outlets from the RSS feed at https://seclists.org/oss-sec/
Other than that, I’ve got a bunch of other security feeds I follow and also have automated updates with just about everything.
Seeing my colleagues, I fear that the answer from them is “That’s the neat part, you don’t!”
I subscribed to the Fedora mailing list a few days ago and their talk was helpful for me to notice that I was one of the affected. Just subscribe to your distro's blog/mail/etc.
Found out about the xz one on Lemmy. Years ago I was briefly subscribed to Bugtraq but that was too much. Now I’m subscribed to a few OS specific security announcement mailing lists.
The worst ones end up on https://slashdot.org/, e.g.:
https://m.slashdot.org/story/426644
I read it like twice per day. However, my software updates should fix most automatically without me even knowing what was going on.
You can watch RSS feeds to follow all CVEs, like Microsoft's https://api.msrc.microsoft.com/update-guide/rss
NIST used to have an RSS feed for CVEs but deprecated it recently. They still have other ways you can follow it, though: https://nvd.nist.gov/vuln/data-feeds
Or if you just want to follow CVEs for certain applications you can host/subscribe to something like https://www.opencve.io/welcome which allows you to filter CVEs from NIST’s National Vulnerability Database (NVD)
For Ubuntu, I use https://ubuntu.com/security/oval
I don’t. I run software whose maintainers I trust to provide regular security updates.
Of course there’s some software I have installed that doesn’t fit that criteria. But I also minimize my attack surface by exposing the bare minimum and enabling extra security features where I can.
Your distro should have a security mailing list you can subscribe to.
I actually have automated security updates on all my servers. Also, in general I run Greenbone at home, which does daily scans of all the VLANs/networks I have at home.
Lucky I only have to worry about ones from Cisco or Fortinet, and both have RSS feeds that I have linked into Slack at work to tell us when a new patch is out or a new PSIRT is released.
I’m subscribed to https://bugalert.org/ RSS feeds, but it seems they haven’t had any activity since October last year.
Does anyone know what happened to them?





