How do you track security vulnerabilities?

Do you rely on mailing lists or news articles for security vulnerabilities? Please share.

I only got to know about xz/liblzma ^[1] and curl ^[2] ^[3] vulnerabilities through lemmy (maybe because of high severity?).

You're viewing a single thread.

30 comments

I tend to find out about vulnerabilities before it hits the news outlets from the rss feed at https://seclists.org/oss-sec/

Other than that, I've got a bunch of other security feeds I follow and also have automated updates with just about everything.

30 comments