15.1. Information from the Vendor
Vendor channels are your best bet for finding the latest security patches. Although most vendors also issue security advisories, you can usually find out about specific exploits much sooner through third-party sources. You are also far more likely to get an accurate description of the exploit that is free from marketing spin. For example, a Microsoft press release regarding Back Orifice (a famous Trojan horse) stated:
"Back Orifice" does not expose or exploit any security issue in Windows, Windows NT, or the Microsoft BackOffice suite of products. As far as demonstrating an inherent security vulnerability in the Windows platform, this is simply not true.
Obviously, this was a great public relations spin, but ...