December 19th, 2013, 10:13 PM
Patching/upgrading to remove known vulnerabilities
I wonder what is the most common method sys admins adopt to look for/verify that none of their existing software/services have been zeroday-ed. Do you guys subscribe to the RSS feeds of NVD/CVEdetails or does some one keeps pinging/looking at the sites...
Is that a time consuming exercise?
We are trying to automate this part of the process but would like to know if it is a pain point, at all?
Would love your feedback.