Hi group,

I wonder what is the most common method sys admins adopt to look for/verify that none of their existing software/services have been zeroday-ed. Do you guys subscribe to the RSS feeds of NVD/CVEdetails or does some one keeps pinging/looking at the sites...

Is that a time consuming exercise?

We are trying to automate this part of the process but would like to know if it is a pain point, at all?

Would love your feedback.