When I discuss security with people who aren’t security-focused, they often ask where I get my information. I usually generalize, telling them I subscribe to several security newsletters and check the web frequently. I do that to avoid a long-winded discussion of the whys and wherefores of my sources, not to hide them. This post will serve as a good reference for those who are truly interested in learning more about security in general and security issues in particular. So, I present my top five security information resources:
- Security Now! podcast produced by Leo Laporte of Twit.tv with Steve Gibson of GRC.com. The longest running security podcast on ‘Net with Episode 161 just released. Thousands of individuals, sys admins, and other security-minded professionals–many of whom have been listening to the podcast since Episode 1– rely on Steve’s unique insight into security issues.
- SANS Institute. As their site asserts, and I concur, “SANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet’s early warning system – Internet Storm Center.”
- Dark Reading.com. In-depth security news, analysis, opinion, and product reviews.
- The Register–Security. Lots of IT news with an edge. Check it out and you’ll see.
- Secunia.com. If not the leading vulnerability intelligence provider and distributor in the world, they’re very close. Their advisories are top notch; their software advisor is a must-use tool.
What sources do you rely on? Comments welcome.