Veracode’s nomination for “Best Corporate Security Blog” at the 2012 Social Security Bloggers Awards got the Veracode Marketing team thinking about the other great information security blogs we follow. The Marketing team thought it would be fun to compile a list of what we think are the best 20 information security blogs. We used a very scientific process to compile this list. Inputs included - quality of blog content (from both a technical and an entertainment standpoint), level of authority of contributors, frequency of updates, overall appearance and our own subjectivity :) All the team members weighed in, and after some serious debating , we settled on the following list (in no particular order). Fortinet Security Blog Naked Security Blog Cognitive Dissidents Blog with Joshua Corman The New School of Information Security Blog Dark Reading Blog Securosis Blog Krebs on Security with Brian Krebs Thought Crime Blog with Moxie Marlinspike Schneier on Security with Bruce Schneier Root Labs RDIST with Nate Lawson Threatpost Blog Zero Day Blog with Ryan Naraine and Dancho Danchev Rational Survivability Blog with Christofer Hoff Securelist Blog TaoSecurity with Richard Bejtlich F-Secure News from the Lab Blog Andrew Hay Blog Uncommon Sense Security Blog with Jack Daniel Network Security Blog with Martin McKeay SANS AppSec Blog with Frank Kim Additionally, I would like to give a nod to the folks at the Security Bistro Blog. Their blog is too young for this list (having just launched in January 2012) but is off to an excellent start, featuring good commentary from a mix of reputable authors. So there you have it. As usual I encourage people to weigh in on our picks and offer suggestions of their own.
About Niru Raghavan
Niru Raghavan joined the Veracode team in late 2011 as an Acquisition Marketing Manager. In this role, Niru is responsible for demand generation and program management primarily for online marketing programs. Prior to joining Veracode, Niru held positions of increasing responsibility at Liberty Mutual and Staples, successfully planning and implementing sophisticated online and offline marketing initiatives. She has managed product development efforts, launch activities and online marketing programs geared toward mid to large sized businesses in select vertical markets. Her specialties include product marketing, marketing strategy, and market research/analysis. She is also a keen web analytics enthusiast and Occam’s Razor by Avinash Kaushik is her all time favorite blog.
Love to learn about Application Security?
Get all the latest news, tips and articles delivered right to your inbox.
Comments (29)
Thanks! Picked up a few new feeds for my reader subscriptions.
Nice list!
you can also find more blogs in http://www.hackplayers.com/2010/04/100-it-security-blogs-in-english.html#more, although we've to update our compilation...
There is also "Hagai Bar-El on Security" at www.hbarel.com/blog. Not too frequent posts, but usually sensible analysis and no time-wasters.
ZDnets' Zero Day blog is pretty much an essential element in any penetration testers RSS feed. Some other nice ones in that list such as the 'Uncommon Sense Security Blog' I'll be keeping an eye on too!
For my Google Reader I use: CSO, NetworkWorld, Slashdot, SANS ISC
Add to that list http://underurhat.com
Another blog where we aim to provide relevant security content The State of Security www.tripwire.com/blog
Another good information security blog is Security Spotlight. http://www.jurinnov.com/security-spotlight
Why is there no clear distinction between "security" and "IT & web/cyber security" when searching for security issues and subjects on the web? If you try use the web to do some research, gather important info & references or want to read up on the subject, they always appear together! In my mind this is so wrong! "IT and cyber security" form only a part of the entire security field. I strongly feel there should be a clear separation between the two (each security sector should be in its own category under the security umbrella) to allow speedier and more accurate searches. The two appearing in unison is irritating and a waste of time. I get the impression that IT and cyber security suddenly are more important than the whole security field itself and are thus getting too much exposure.
One of my personal favorites has been the blog over at Solera Networks. You can go there directly at soleranetworks.com/blogs/
Another good one in german: www.kuketz-security.de
My fault: www.kuketz-blog.de
Have you looked at http://www.cert.org/blogs/certcc/ ?
This is hub secruty systems: http://t.co/9VN1gLfz6O
Safegadget.com is good for end users looking for how to secure your computer, smartphone, etc.
http://www.safegadget.com
Check out Shred-It's information security blog, it's very insightful for fellow business owners. <a href="http://blog.shredit.com/Blogs/Securing-your-Information.aspx" rel="nofollow">www.shredit.com</a>
Another Security Blog!!!
http://www.GetHackingSecurity.com
Also try http://www.v3.co.uk/ (uk security blog) really good daily read.
Good list. For independent comment and analysis, specifically on identity and access management http://www.infosecprofessional.com is worth looking at.
This is a great security blog list- thanks for sharing this, I will definitely need to check this out! :)
Great info thanks
PCSS
Also be sure to check out http://www.seculert.com/blog/ for the latest in industry news, educational articles, and results from our Research Lab.
Just discovered a site called https://bugcrowd.com/. Anyone who enjoys pen testing can sign up as a security tester for startups. Pretty Cool.
This is a great list of security blogs. I plan to check them out individually.
Thanks
Still a relevant list but some of the blogs are not maintained as well as others with some having quite out of date content. Thanks for posting though.
Thanks for the post....security is indeed a concern and these sites are certainly useful
I am a regular visitor of F-secure news and naked security blog.I guess your list may include http://securitywing.com, which has a lots useful how-to type articles about information security.
Great list, naked security should definitely be at the top in my opinion. One addition I'd recommend specifically related to security compliance is the blog by BlackStratus (formerly Net Forensics) which can be found here: http://www.blackstratus.com/blog/
Cheers!
You should definatly add OffSec's blog:
https://www.offensive-security.com/blog/
Please Post Your Comments & Reviews
Your email address will not be published. Required fields are marked *