Security Advisory Providers

Sometimes, servers can become compromised through no direct fault of the administrator. There exist what are known as zero-day exploits -- malicious code affecting a particular product or service which is circulated before the vendors or maintainers are even aware of the vulnerability.

Fortunately for us, this is relatively rare. The vast majority of server-level compromises are due to neglected services that haven't been patched to prevent old, well-known exploits. Once a system administrator is made aware of a weakness, he or she must assess the situation and take immediate action (even if that action is to decide that a patch isn't needed). There are situations in which a patch may be more trouble than it's worth; only you can determine how much you value your data.

Admittedly, it's not always easy to be made aware of security holes, particularly when it comes to less-common packages. That's why we've compiled a list of some helpful information sources:

© 2015 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License

See license specifics and DISCLAIMER