« Black hats poison Google video search | Main | Microsoft's SDL and the CWE/SANS Top 25 »

A run down of the major security mailing lists

Here's a run down of the main mailing lists that I follow. While most of these are known in the security industry, many people who frequent this site are from various backgrounds and may find this list useful.

Bugtraq: "BugTraq is a full disclosure moderated mailing list for the *detailed* discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them.".  The largest and oldest list around. Respek.

Full Disclosure: An un-moderated free for all where anything goes (98% is noise)

Vuln-dev: "The VULN-DEV list exists to allow people to report potential or undeveloped holes. The idea is to help people who lack expertise, time, or information about how to research a hole do so."

Daily Dave: Focuses on lower level exploitation and groundbreaking research.

Pen-test: Help with penetration testing questions and tools.

Security Jobs: 1 guess at what this is for.

My personal favorites

SC-L: The secure coding mailing list focuses on how to program securely and security program development.

The Web Security Mailing List: Covers everything website, or application security. The highest traffic webappsec list around.  Full disclosure, I founded this list and currently moderate it.

If you know of any other decent lists please suggest them below.


Feed You can follow this conversation by subscribing to the comment feed for this post.

All Comments are Moderated and will be delayed!

Here's some of the ones I like. Not all of them have mailing lists, but they do all have RSS feeds.




InfoSec News (ISN) - http://www.infosecnews.org/

Rick Forno's Infowarrior list - http://attrition.org/mailman/listinfo/infowarrior

sans.org? Bruce Schneier's Cryptogram?

Those are websites and digests, not mailing lists.