Here are the information security news feeds/email subscriptions I subscribe to in order to stay current with the latest in information security news. Drop me a line if you have others that you follow that should be added to the list. I am including details about average number of posts per week when they are available because I know it is easy to get swamped in reading material and understanding frequency of publishing vs. value you get from it is important so you can efficiently use your time.
- SANS Newsbites – SANS is my go to resource for information security related news and training.
- All of the US-CERT feeds – I view the US CERT organization as a leading authority along with SANS and subscribe to all of their feeds most of them average less than 1 per week which is manageable.
- NIST.ORG – Network Information Security & Technology News organization is a leading authority on all things information security.
- Help Net Security – Excellent source with concise articles detailing the latest in information security threats, tools, and news.
- Krebs on Security – Nice in depth security investigations especially around the underground criminal market in information security assets.
- Darkreading Weblog – Good source for staying on top of the latest security compromises and exploits. Averages 20 posts per week
- Infoworld Security Blog – Covers a variety of diverse and useful information security topics. Averages 1 post per week
- Experian Data Breach Blog – Provides info around data breaches and things you can do to help stay secure. Averages 1.2 posts per week
- SearchSecurity: Threat Monitor – Good summary of current information security threats in the wild. Averages .2 posts per week
- SearchSecurity: Security Wire Daily News – Feed for general information security information around a variety of topics. Averages 3.5 posts per week
- Qualys Newsletter – Security feed put out by Vendor Qualys I use it to get a vendor’s take on vulnerabilities and vulnerability management best practices. Averages .7 posts per week
- Eeye Security Blog – Eeye Digital Security’s blog for keeping track of their information security ideas and news. Averages 1.6 posts per week.
- SC Magazine Cybercrime Corner – Another source for staying on top of cybercrime news. Averages 2 posts per week.
- SANS Security Awareness Newsletter – Nice monthly newsletter that can be used for internal information security awareness campaigns.
- SANS @RISK Newsletter – Weekly newsletter that summarizes the top 3-8 vulnerabilities that currently matter most and how to mitigate the risk from them.
- Security Focus Mailing lists – I subscribe to a few of the many different mailing lists they offer including Web Application Security and Penetration Testing. I used to subscribe to the popular BUGTRAQ but opted out due to the volume.
- Slashdot newsletter – Useful cutting edge information security stuff here but I get the summary newsletter because the general RSS feed is very busy and difficult to stay on top of.
- Microsoft Monthly Newsletter – Nice email newsletter for those of you using and trying to secure Microsoft products
- Apple security mailing list – For you Apple fans to keep on top of security issues (yes security things happen on Apple devices too, and expect it to expand in the future)