US-CERT is a U.S. government agency that provides response support and defense against cyber attacks. US-CERT is part of the National Cyber Security Division (NCSD) at the Department of Homeland Security (DHS). Although US-CERT’s goal is to help government agencies defend themselves against cyber attacks, the agency disseminates cyber security information to governments, industry and the public, free of cost. You can receive regular mailings of known vulnerabilities from US-CERT by going to http://www.us-cert.gov/ and enrolling in their mailing lists. US-CERT also allows you to report vulnerabilities so it can disseminate them to the public; companies such as Microsoft and Oracle routinely relay information about vulnerabilities they’ve discovered, as well as the fixes for those vulnerabilities.
US-CERT publishes security information on various types of vulnerabilities. The US-CERT Technical Alerts contain information to protect against serious vulnerabilities. US-CERT Vulnerability Notes provide information about less severe vulnerabilities.
Just last week, for example, the agency reported a new code execution vulnerability in the Adobe Flash Player. The technical notes for this vulnerability, designed for system administrators, contain a clear description of the vulnerability, as well as detailed steps for protecting yourself against it. It takes an hour or two to patch your Adobe Flash Player so it’s immune to this newly discovered vulnerability. It is the same with the other vulnerabilities reported by US-CERT. Another recently announced vulnerability deals with Oracle Solaris 10 password hashes leaked through back-out patch files.
In today’s highly vulnerable IT environments, a company would be seriously remiss if it’s not proactively fixing known vulnerabilities – really, what excuse does one have when the vulnerability is known and the workaround or fix is available, but you’ve never guarded yourself against it?