Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Alert in case of discovery of vulnerability
« previous
next »
Print
Pages: [
1
]
Author
Topic: Alert in case of discovery of vulnerability (Read 784 times)
mc.gyver.reboot
Newbie
Posts: 6
Karma: 0
Alert in case of discovery of vulnerability
«
on:
December 22, 2022, 04:48:36 pm »
Hello,
Is there a mailing list to subscribe to so that you can be altered if a vulnerability is discovered (example:
https://www.netgate.com/security)?
Otherwise, would there be an up-to-date and active dedicated web page that lists the vulnerabilities when they are discovered (example:
https://docs.netgate.com/advisories/index.html
).
In the worst case, is there an RSS feed to subscribe to?
Note that the basic wish is not to have alerts when a new version of the product is released, but to be alerted in the event of the discovery of a vulnerability.
Unfortunately, the release dates of the updates can sometimes be quite offset from the dates of decalration of the vulnerability and we can apply a mitigation before the publication of the update.
Maybe taking a product with support allows you to be notified of any other discoveries of vulnerabilities?
Thank you
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Alert in case of discovery of vulnerability
«
Reply #1 on:
December 22, 2022, 08:39:15 pm »
There is a vulnerability scanner included for third party software installed.
The security advisory process (CVE assignment and subsequent report) was discussed internally this year, but the consensus is it requires too much work for our small team.
Issues will be disclosed in release notes as was always the case.
Cheers,
Franco
Logged
mc.gyver.reboot
Newbie
Posts: 6
Karma: 0
Re: Alert in case of discovery of vulnerability
«
Reply #2 on:
December 23, 2022, 08:58:01 am »
Hi,
Thank you for the fast reply !
In this case, would there be a place to subscribe to a mailing list to be aware of the release of updates or the only way to be is to go to this page
https://forum.opnsense.org/index.php?board=11.0
?
Thank you
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Alert in case of discovery of vulnerability