There are many mailing lists that cover security-related material. We describe a few of the major ones here. However, this is not to imply that only these lists are worthy of mention! There may well be other lists of which we are unaware, and many of the lesser-known lists often have a higher volume of good information.
Never place blind faith in anything you read in a mailing list, especially if the list is unmoderated. There are a number of self-styled experts on the Net who will not hesitate to volunteer their views, whether knowledgeable or not. Usually, their advice is benign, but sometimes it is quite dangerous. There may also be people who are providing bad advice on purpose, as a form of vandalism. And certainly, there are times when the real experts make a mistake or two in what they recommend in an offhand note posted to the Net.
There are some real experts on these lists who are (happily) willing to share their knowledge with the community, and their contributions make the Internet a better place. However, keep in mind that simply because you read it on the Internet does not mean that the information is correct for your system or environment, that it has been carefully thought out, that it matches your site policy, and it most certainly does not mean that it will help your security. Always evaluate carefully the information you receive before acting on it.
Many of the incident response teams (listed in Appendix E) have mailing ...