Everybody is selling something. Why else would they be in business writing on the internet?

Sans.edu would be happy if you attended their courses. But there's a lot of material they publish for free on their web site. Their Internet Storm Center isc.sans.edu often has insightful stuff, and breaking news.

Bruce Schneier would like you to buy his books, but he puts out an *excellent* email newsletter at no charge with lots of good info, far more than I can read in a month.

General IT topic newsletters: all of them are trying to sell you something, but you can skim the headlines and ignore the ads and pick up on interesting stuff.

For example, Netflix released an interesting "Stethoscope" security audit tool, I read in the O'Reilly Security newsletter this morning.

Microsoft's Security Bulletins tell you about the dozen patches they release each month for Office, IE/Edge, COM, All the DotNet runtimes, IIS, Exchange, etc.

Hacker Newsletter points to interesting articles though it is VERY IMPORTANT to realize that the COMMENTS ON Y-COMBINATOR ARE NOT.

Membership newsletters from EFF and ACM and FSF also lead to interesting articles.

Trust No One.

The Owls Are Not What They Seem.

Good luck.

On Wed, Feb 22, 2017 at 11:44 AM, Ken Dibble krdibble@stny.rr.com wrote:

Hi folks,

I am looking for unbiased sources of information on various "cyber security" issues. That is, the source should not be trying to sell me any products or services. And the source should understand the meaning of the following terms:

"individualized threat assessment" "proportionate response"

I'm not looking for beginner-level stuff like "always keep your software updated" but rather objective analysis of specific types of threats and potential weaknesses.

Who do you trust in these matters?

Thanks to all who respond.

Ken Dibble www.stic-cil.org

[excessive quoting removed by server]