• Report an Incident
• Incident Information
• Self Service Security
• Services and Products
• Best Practices
• Policies, Guidelines and Procedures
• Security Awareness, Training and Education (SATE)
• Vulnerability Information
• About EIS
• What's New

---

Vulnerability Information

Attackers exploit existing security vulnerabilities on systems to gain unauthorized access to systems and data. Vulnerabilities can either be of a technical nature, such as bugs in software or non-technical, e.g. a user discloses their password to an unauthorized person. Keeping on top of information security vulnerabilities is an essential component of information security. The following are some resources that Enterprise Information Security feels are useful in keeping on top of the ever changing information security landscape.

External Vulnerability Resources

• SecurityFocus Vulnerabilities - The SecurityFocus group offers several useful vulnerability resources, including email lists such as BugTraq.
• CERT - Organization devoted to information security, providing useful information.
• REN-ISAC - Organization focusing on information security challenges facing educational institutions
  
• SANS Top 20 - A resource that lists the top 20 information security vulnerabilities as collected by SANS (updated annually).

UCSF Vulnerability Information

• Hoaxes

Please tell us what you think of our new website