It’s the Reader’s Digest for penetration testers: “@Risk: The Consensus Security Alert” is a new online newsletter that highlights the week in software vulnerabilities, with analysis and commentary by leading security experts.
The SANS Institute unveiled the newsletter during the U.S. Department of Homeland Security’s National Cyber Security Summit in December, and it is currently being circulated to 200,000 network security professionals who have registered to receive it through the SANS website. “@Risk” gives network administrators a compendium of all the week’s security vulnerabilities, courtesy of Qualys Inc., and a companion listing of the week’s vulnerabilities deemed critical by TippingPoint Technologies Inc., which sells network-based intrusion-prevention systems.
Particularly useful is information called Council Actions, which features advice on handling each of the critical vulnerabilities from a panel of 12 security administrators from large corporations, government departments and organizations, says Alan Paller, research director at the Institute. Writing anonymously, the council members talk about steps, if any, that they took on each critical item, including patches, firewall configuration changes and workarounds.
To sign up for “@Risk,” go to https://portal.sans.org/preferences.php.