Does anyone have any strategies for being updated when new vulnerabilities are released? I've always wondered how people stay on top of these situations.
30+ years of tech, retired from an identity intelligence company, now part-time with an insurance broker.
Dev community mod - mostly light gardening & weeding out spam :)
I think, sadly, as with a lot of tech these days it's either 'maybe see something on twitter' or 'saw a blog post the other day' :-/ Docker's own CVE database doesn't inspire much confidence either : docker.com/legal/docker-cve-database
Container runtime images for Docker that are published in the Azure Marketplace are patched to the latest CVE standards. All VM and container images undergo vulnerability testing prior to publication in Azure Marketplace.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Does anyone have any strategies for being updated when new vulnerabilities are released? I've always wondered how people stay on top of these situations.
I find a reasonable amount via the Full Disclosure mailing list:
seclists.org/fulldisclosure/
Other sources are my Twitter contacts in the infosec industry, including the official CVE team cve.mitre.org/cve/
Finally - I run Debian on public systems, so their own security patches are a source of alerts.
I think, sadly, as with a lot of tech these days it's either 'maybe see something on twitter' or 'saw a blog post the other day' :-/ Docker's own CVE database doesn't inspire much confidence either : docker.com/legal/docker-cve-database
Container runtime images for Docker that are published in the Azure Marketplace are patched to the latest CVE standards. All VM and container images undergo vulnerability testing prior to publication in Azure Marketplace.