views:

98

answers:

5

I am a software developer who wants to stay up to date on network security news. What are some of the best online sources for not only keeping tabs on newly discovered security vulnerabilities that may affect projects I'm working on, but also best practices for developing network software?

Please keep in mind that I am looking for sources that cater to the software developer, not IT administration.

+2  A: 

Go to SecurityFocus; you can find all security vulnerabilities there, and you can sign up for different kinds of mailing lists to get the latest bugs etc.

I don't think there is a better option.

The SecurityFocus Vulnerability Database provides security professionals with the most up-to-date information on vulnerabilities for all platforms and services. SecurityFocus Mailing Lists allow members of the security community from around the world to discuss all manner of security issues. There are currently 31 mailing lists; most are moderated to keep posts on-topic and to eliminate spam.

berkay
+1. Was about to recommend the same.
Moron
SecurityFocus moved their news segment to a new site that is not good. BugTraq is still the same.
Rook
@The Rook, which site? I'm still following SecurityFocus with no problem; it's still up to date?
berkay
SecurityFocus used to have news and columnists and it was awesome; now it's just Bugtraq. The news moved to http://www.symantec.com/connect/, which I don't like. The CVE aggregate has all of the vulns on Bugtraq and a whole lot more.
Rook
A: 

For the very latest of what's happening on the net... the Internet Storm Center: http://isc.sans.org/diary.html

SANS has the Top 25 Programming Errors report: http://www.sans.org/top25-programming-errors/

Stevko
+4  A: 

Bruce Schneier's blog!

http://www.schneier.com/

If you don't know him: http://en.wikipedia.org/wiki/Bruce_Schneier

As a developer you might also be interested in the publications of the IEEE and ACM:

IEEE Security and Privacy: http://www.computer.org/portal/web/security/home

ACM Special Interest Group on Security, Audit and Control: http://www.sigsac.org/

I think that is a good starting base. I don't want to give you a longer list, so that you are not overwhelmed. Use those links to get you started. Once you read them you will get to know other people, and then you can decide better which authors/places you want to learn from.

Francisco Garcia
@Francisco Garcia, can you track the latest vulnerabilities with that blog?
berkay
@Berkay, he asked for references for software developers and not IT administration. Tracking the latest vulnerabilities is more for the latter. The Crypto-Gram newsletter is a great way for a developer to keep up to date with security trends.
Francisco Garcia
A: 

sans.org has many mailing lists which will keep you up to date on a multitude of different security issues.

SANS NewsBites will keep you up to date on cyber security news from around the world, and how it pertains to the industry.

@RISK is a compendium of newly discovered vulnerabilities in the wild and what they are doing. They also provide links to many of them, and almost always there is a link to SecurityFocus.

Finally, SANS OUCH is a more generic security newsletter with tips and tricks and interesting security stories.

SANS is a world-renowned post-secondary security college.

Lerxst
A: 

I have a few more I can add to this list.

Vulnerabilities/threats:

For vulnerabilities, by far the best is the CVE RSS:

http://nvd.nist.gov/download/nvd-rss-analyzed.xml

For emerging threats the Internet Storm Center is the best:

http://isc.sans.org/

Bugtraq is second-rate and nearly every post is incorrect:

http://www.securityfocus.com/archive/1

(they also have RSS: http://www.securityfocus.com/rss/vulnerabilities.xml)

The "old" SecurityFocus.com is now "Symantec Connect":

http://www.symantec.com/connect/

Security news aggregate:

http://www.reddit.com/r/security (freakn' awesome :)

http://www.hackinthebox.org (high traffic, not that great)

http://governmentsecurity.org (Meh, some people like it)

Blogs:

http://hackaday.com (Sweet hardware hacks)

http://www.schneier.com/blog/index.xml (of course ;)

http://blog.metasploit.com/feeds/posts/default (low traffic but awesome)

http://securestate.blogspot.com/feeds/posts/default (low traffic)

http://ha.ckers.org/blog/feed/ (web apps, low traffic)

Rook