Where/how do I check for security issues (such as vulnerabilities) before we go ahead and install or update software?

resolver1
How/where do people search for security issues before installing a product update?
We were just about to roll out Firefox 3.5 but have since been told it has a vulnerability on the Java side, and we wondered how other companies deal with these issues before releasing them to their employees/customers.

For the client side we are mainly Windows, but for the server side we are a mix of Unix/Linux/Windows.
We release software through Landesk en masse.

Commented:
I usually get a daily e-mail from: http://isc.sans.org/ and http://www.us-cert.gov/

Author

Commented:
I've added a daily mail from us-cert.gov but can't find a daily mail from isc.sans.org. Can you assist with finding the link to the exact page?

Companies would usually have a vulnerability management tool such as Secunia that will keep track of client computer software and let you know if an update is available.

Commented:
You can sign up for SANS email here: http://isc.sans.org/notify.html

Author

Commented:
Should anyone buy Secunia? Or are there certain characteristics of a company that should warrant it (such as the number of computers to patch)?

Author

Commented:
Thanks for the link, Khyer123.

One option is to use Secunia's Personal Software Inspector (PSI). It's a vulnerability scanner that you can use to scan a "master" computer that's loaded with your standard image or standard software. PSI will notify you when a piece of software is vulnerable and will usually provide you with links to vendors' web sites so that you can download a patched version of the software.

Anyone can buy and benefit from Secunia! There is a free version for individual computers, which I use on my home computer, but there is also a corporate version called CSI: http://secunia.com/vulnerability_scanning/corporate/

This allows you to centrally monitor, report, and patch systems and is ideal for any company looking for vulnerability analysis and patch checking. The best part is that once you find out that a system is vulnerable, it can help you push out updates to the software.

I have been using it for a few months and I really couldn't be happier.

Author

Commented:
Do you know where I can get a 3rd-party review of Secunia?
Commented:
Some more:
http://windowssecrets.com/2009/05/28/01-Shavlik-Secunia-top-Windows-Update-alternatives

Actually you should roll out Firefox 3.5.1, looks like you missed it...
Also - do not patch without actual need...

Author

Commented:
Cheers guys. Very comprehensive. It helps a lot.
