<div>
including DOS, DDOS/Botnet, application blacklisting/greylisting, SYN flooding,<br />
Trojan as well
</div>


including DOS, DDOS/Botnet, application blacklisting/greylisting, SYN flooding,
Trojan as well

<div>
<div class="content wysiwyg-content">
I often need to assess vulnerabilities relating to <br />
a) OS (Windows, Redhat Linux &amp;&nbsp;a bit of Solaris x86) &amp;<br />
b) MS Products (Sharepoint, IIS, clustering, .Net Framework, HL7, SQL etc), <br />
c) VMWare products (cloud environment, ESXi, vCenter, vCloud &nbsp;Director, vShield etc) &amp;&nbsp;<br />
<br />
their relevance/risk level/applicability &amp;&nbsp;the patches/fixes/workarounds needed<br />
in our cloud. &nbsp;I have to complete the assessments within 3-6 hours.<br />
<br />
What are some of the active mailing lists &amp;&nbsp;forums that cover <br />
these topics &nbsp;that I can raise clarifications &amp;&nbsp;get good &amp;&nbsp;fast<br />
responses? &nbsp;<br />
<br />
Pls indicate those where the responses are publicly viewable &amp;&nbsp;those<br />
that are not.<br />
<br />
I may raise clarifications relating to malicious Content issues (iVPN-1<br />
NGX R62), &nbsp;cross-site scripting, Tipping Point IPS/IDS scanning/<br />
signatures, antivirus (TrendMicro that does deep scans) &amp;&nbsp;various <br />
PenTests / scanning.
</div>
</div>


I often need to assess vulnerabilities relating to 
a) OS (Windows, Redhat Linux & a bit of Solaris x86) &
b) MS Products (Sharepoint, IIS, clustering, .Net Framework, HL7, SQL etc), 
c) VMWare products (cloud environment, ESXi, vCenter, vCloud  Director, vShield etc) & 

their relevance/risk level/applicability & the patches/fixes/workarounds needed
in our cloud.  I have to complete the assessments within 3-6 hours.

What are some of the active mailing lists & forums that cover 
these topics  that I can raise clarifications & get good & fast
responses?  

Pls indicate those where the responses are publicly viewable & those
that are not.

I may raise clarifications relating to malicious Content issues (iVPN-1
NGX R62),  cross-site scripting, Tipping Point IPS/IDS scanning/
signatures, antivirus (TrendMicro that does deep scans) & various 
PenTests / scanning.

Active mailing lists / forums for IT security vulnerabilities discussion

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.