A run down of the major security mailing lists
Here's a run down of the main mailing lists that I follow. While most of these are known in the security industry, many people who frequent this site are from various backgrounds and may find this list useful.
Bugtraq: "BugTraq is a full disclosure moderated mailing list for the *detailed* discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them.". The largest and oldest list around. Respek.
Full Disclosure: An un-moderated free for all where anything goes (98% is noise)
Vuln-dev: "The VULN-DEV list exists to allow people to report potential or undeveloped holes. The idea is to help people who lack expertise, time, or information about how to research a hole do so."
Daily Dave: Focuses on lower level exploitation and groundbreaking research.
Pen-test: Help with penetration testing questions and tools.
Security Jobs: 1 guess at what this is for.
My personal favorites
SC-L: The secure coding mailing list focuses on how to program securely and security program development.
The Web Security Mailing List: Covers everything website, or application security. The highest traffic webappsec list around. Full disclosure, I founded this list and currently moderate it.
If you know of any other decent lists please suggest them below.
Here's some of the ones I like. Not all of them have mailing lists, but they do all have RSS feeds.
https://buildsecurityin.us-cert.gov
http://www.securitybloggers.net
http://www.team-cymru.org/News/
Posted by: Matt Brown | Feb 5, 2009 8:55:01 PM
InfoSec News (ISN) - http://www.infosecnews.org/
Rick Forno's Infowarrior list - http://attrition.org/mailman/listinfo/infowarrior
Posted by: BAR | Feb 6, 2009 8:18:37 AM
sans.org? Bruce Schneier's Cryptogram?
Posted by: Anonymous | Mar 11, 2009 8:04:22 PM
Those are websites and digests, not mailing lists.
Posted by: Robert | Mar 12, 2009 9:05:59 AM