OPNsense Forum

English Forums => General Discussion => Topic started by: mc.gyver.reboot on December 22, 2022, 04:48:36 PM

Title: Alert in case of discovery of vulnerability
Post by: mc.gyver.reboot on December 22, 2022, 04:48:36 PM
Hello,

Is there a mailing list to subscribe to so that you can be alerted if a vulnerability is discovered (example: https://www.netgate.com/security)?
Otherwise, would there be an up-to-date and active dedicated web page that lists the vulnerabilities when they are discovered (example: https://docs.netgate.com/advisories/index.html)?
In the worst case, is there an RSS feed to subscribe to?
Note that the basic wish is not to have alerts when a new version of the product is released, but to be alerted in the event of the discovery of a vulnerability.
Unfortunately, the release dates of the updates can sometimes be quite offset from the dates of declaration of the vulnerability and we can apply a mitigation before the publication of the update.

Maybe taking a product with support allows you to be notified of any other discoveries of vulnerabilities?


Thank you
Title: Re: Alert in case of discovery of vulnerability
Post by: franco on December 22, 2022, 08:39:15 PM
There is a vulnerability scanner included for third party software installed.

The security advisory process (CVE assignment and subsequent report) was discussed internally this year, but the consensus is it requires too much work for our small team.

Issues will be disclosed in release notes as was always the case.


Cheers,
Franco
Title: Re: Alert in case of discovery of vulnerability
Post by: mc.gyver.reboot on December 23, 2022, 08:58:01 AM
Hi,
Thank you for the fast reply!
In this case, would there be a place to subscribe to a mailing list to be aware of the release of updates or the only way to be is to go to this page https://forum.opnsense.org/index.php?board=11.0 ?

Thank you