

Ask HN: How do you keep up to date with security advisories? - duck237


======
stevekemp
Mailing lists.

I subscribe to the Debian security advisory mailing list, and when new updates
are released I ensure all that are appropriate are updated upon my systems.

I also use an RSS to XMPP gateway so that the RSS feeds of Debian,
Ubuntu, *BSD, etc are posted to an internal chatroom. Generally automated
updates are applied every day, but sometimes it is nice to do them
immediately.

(I also pay attention to oss-security, full-disclosure, etc, etc, but these
tend to be less useful.)

~~~
duck237
How about smaller libraries, that might not have mailing lists? i.e. packages
on pip, npm, or projects on GitHub that have made their way into your
application?

~~~
stevekemp
That's where oss-security, and similar lists tend to be useful.

But to be honest once you've got an RSS to email/chat gateway you can
subscribe to new releases and similar with ease. So you tend to find you're
updated almost by accident.

------
rgacote
US CERT sends out a vulnerability list weekly on Mondays. You can also get
frequently-updated RSS feeds:
[https://www.us-cert.gov/mailing-lists-and-feeds](https://www.us-cert.gov/mailing-lists-and-feeds)
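
The RSS-to-chat approach mentioned in this thread, sketched as an added example (not code from any commenter): it parses an advisory feed, skips entries already seen, and emits a chat line only for entries whose title names a package on a watchlist. The feed contents, the `advisories.example` URLs and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample feed (RSS 2.0); not real advisory data.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example advisories</title>
<item><title>EXAMPLE-0001 openssl - security update</title>
<link>https://advisories.example/0001</link><guid>EXAMPLE-0001</guid></item>
<item><title>EXAMPLE-0002 libfoo - security update</title>
<link>https://advisories.example/0002</link><guid>EXAMPLE-0002</guid></item>
<item><title>EXAMPLE-0003 nginx - security update</title>
<link>https://advisories.example/0003</link></item>
</channel></rss>"""

def parse_items(feed_xml):
    """Return (id, title, link) per RSS <item>; the link is the id when <guid> is absent."""
    # Feeds are untrusted input: refuse DTDs so entity-expansion never reaches the parser.
    if "<!DOCTYPE" in feed_xml or "<!ENTITY" in feed_xml:
        raise ValueError("feed contains a DTD; refusing to parse")
    items = []
    for item in ET.fromstring(feed_xml).iter("item"):
        title = (item.findtext("title") or "").strip()
        link = (item.findtext("link") or "").strip()
        guid = (item.findtext("guid") or link).strip()
        if guid:
            items.append((guid, title, link))
    return items

def new_alerts(feed_xml, watched, seen):
    """Return chat lines for unseen items that name a watched package; updates `seen`."""
    alerts = []
    for guid, title, link in parse_items(feed_xml):
        if guid in seen:
            continue  # already posted on an earlier poll
        seen.add(guid)
        # Whole-token match, so a watchlist entry "ssl" does not fire on "openssl".
        words = set(re.findall(r"[a-z0-9][a-z0-9+.\-]*", title.lower()))
        hits = sorted(words & watched)
        if hits:
            alerts.append(f"[{', '.join(hits)}] {title} {link}")
    return alerts

if __name__ == "__main__":
    seen = set()  # persist this between polls in a real deployment
    for line in new_alerts(SAMPLE_FEED, {"openssl", "nginx"}, seen):
        print(line)  # hand off to the chat or e-mail gateway here
```

The watchlist can be generated from a lockfile or the system package list, which covers the smaller pip and npm dependencies raised earlier in the thread when their advisories appear in an aggregated feed.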

