The following sites are tried-and-true security destinations. Every IT pro should bookmark and visit these sites—often.
www.securityfocus.com Home of the Bugtraq mailing list archive, plus a good source of security white papers
www.sans.org Includes the SANS Institute's vulnerability list, white papers and port scan statistics from monitors spread around the Internet
www.cert.org The CERT Coordination Center at Carnegie Mellon provides one of the best resources for security advisories and best-practices information
cve.mitre.org Common Vulnerabilities and Exposures, the authoritative list of vulnerability definitions
icat.nist.gov The National Institute of Standards and Technology's search engine for the CVE database
www.securityportal.com Security news and commentary
www.ntbugtraq.com A Windows-specific vulnerability Web site and mailing list
www.linuxsecurity.com All things Linux security
www.microsoft.com/technet/security Microsoft Product Security Notification Service, Microsoft's security vulnerability mailing list
project.honeynet.org The Honeynet Project: Learn how to do detailed forensics after a compromise
www.wiretrip.net/rfp/ The “skinnable” home of Rain Forest Puppy provides detailed information on exploits and has been first to list several prominent vulnerabilities
www.insecure.org Home of the definitive port scanner nmap, plus a great list of security tools
www.atstake.com/research/advisories/index.html Formerly L0pht advisories, this is an excellent list of advisories that often covers applications skipped by other lists
www.2600.com Home of the venerable hacker magazine