How do you track security vulnerabilities?

Do you rely on mailing lists or news articles for security vulnerabilities? Please share.

I only got to know about xz/liblzma ^[1] and curl ^[2] ^[3] vulnerabilities through lemmy (maybe because of high severity?).

You're viewing a single thread.

30 comments

You can watch rss feeds to follow all CVEs like Microsoft’s https://api.msrc.microsoft.com/update-guide/rss

NIST used to have an rss feed for CVEs but deprecated it recently. They still have other ways you can follow it though https://nvd.nist.gov/vuln/data-feeds

Or if you just want to follow CVEs for certain applications you can host/subscribe to something like https://www.opencve.io/welcome which allows you to filter CVEs from NIST’s National Vulnerability Database (NVD)

30 comments