Vulnerability disclosure and tracking
The following is a list of online resources that may help you track vulnerability information. Many of these websites are best known for their open vulnerability disclosure program, so you are free to contribute your vulnerability research to any of these public/private organizations. Some of them also encourage a full disclosure policy based on the paid incentive program to reward security researchers for the valuable time and effort they put into vulnerability investigation and the development of proof of concept (PoC) code.
The following are some of the vulnerability disclosure and tracking websites that you can use:
|
URL |
Description |
|---|---|
|
The Open Source Vulnerability Database | |
|
Public vulnerabilities, mailing lists, and security tools | |
|
Exploits, advisories, tools, and whitepapers | |
|
Advisories, whitepapers, security factsheets, and research papers | |
|
Exploits database, Google Hacking Database (GHDB), and papers | |
|
NVD is a U.S. government repository for a vulnerability database based on CVE | |
|
RedHat errata notification and security advisories | |
|
CentOS security and general announcement mailing list | |
|
DHS US-CERT reports security issues, vulnerabilities, and exploits technical alerts | |
|
IBM X-Force offers security threat alerts, advisories, vulnerability database, and whitepapers | |
|
Debian security advisories and mailing lists | |
|
SUSE Linux Enterprise security advisories | |
|
Microsoft security advisories | |
|
Microsoft security bulletins | |
|
Ubuntu security notices | |
|
First Common Vulnerability Scoring System (CVSS-SIG) | |
|
Cisco security advisories, responses, and notices. | |
|
Security alerts and dashboard, and CVSS calculator. | |
|
Security vulnerabilities information. | |
|
Australian CERT publishes security bulletins, advisories, alerts, presentations, and papers. | |
|
Advisories, vulnerability database, PoC, and virus reports. | |
|
Vulnerability research, publications, advisories, and tools. | |
|
Security advisories and security publications. | |
|
Malware sample repository. | |
|
MITRE offers standardized protocols for the communication of security data related to vulnerability management, intrusion detection, asset security assessment, asset management, configuration guidance, patch management, malware response, incident management, and threat analysis. Common Vulnerabilities and Exposures (CVE), Common Weakness Enumeration (CWE), Common Attack Pattern Enumeration and Classification (CAPEC), and Common Configuration Enumeration (CCE) are a few of them. |
