Top 20 Security Blogs

Veracode’s nomination for “Best Corporate Security Blog” at the 2012 Social Security Bloggers Awards got the Veracode Marketing team thinking about the other great information security blogs we follow. The Marketing team thought it would be fun to compile a list of what we think are the best 20 information security blogs.

We used a very scientific process to compile this list. Inputs included – quality of blog content (from both a technical and an entertainment standpoint), level of authority of contributors, frequency of updates, overall appearance and our own subjectivity :)

All the team members weighed in, and after some serious debating , we settled on the following list (in no particular order).

Fortinet Security Blog
Naked Security Blog
Cognitive Dissidents Blog with Joshua Corman
The New School of Information Security Blog
Dark Reading Blog
Securosis Blog
Krebs on Security with Brian Krebs
Thought Crime Blog with Moxie Marlinspike
Schneier on Security with Bruce Schneier
Root Labs RDIST with Nate Lawson
Threatpost Blog
Zero Day Blog with Ryan Naraine and Dancho Danchev
Rational Survivability Blog with Christofer Hoff
Securelist Blog
TaoSecurity with Richard Bejtlich
F-Secure News from the Lab Blog
Andrew Hay Blog
Uncommon Sense Security Blog with Jack Daniel
Network Security Blog with Martin McKeay
SANS AppSec Blog with Frank Kim

Additionally, I would like to give a nod to the folks at the Security Bistro Blog. Their blog is too young for this list (having just launched in January 2012) but is off to an excellent start, featuring good commentary from a mix of reputable authors.

So there you have it. As usual I encourage people to weigh in on our picks and offer suggestions of their own.

Blake | February 28, 2012 2:18 pm

Thanks! Picked up a few new feeds for my reader subscriptions.

Jeff K. | March 9, 2012 4:47 pm

There is also “Hagai Bar-El on Security” at http://www.hbarel.com/blog. Not too frequent posts, but usually sensible analysis and no time-wasters.

Mike K | September 21, 2012 10:08 am

ZDnets’ Zero Day blog is pretty much an essential element in any penetration testers RSS feed. Some other nice ones in that list such as the ‘Uncommon Sense Security Blog’ I’ll be keeping an eye on too!

Anthony G | November 4, 2012 8:17 pm

For my Google Reader I use: CSO, NetworkWorld, Slashdot, SANS ISC

wolf | February 20, 2013 8:23 am

Why is there no clear distinction between “security” and “IT & web/cyber security” when searching for security issues and subjects on the web? If you try use the web to do some research, gather important info & references or want to read up on the subject, they always appear together! In my mind this is so wrong! “IT and cyber security” form only a part of the entire security field. I strongly feel there should be a clear separation between the two (each security sector should be in its own category under the security umbrella) to allow speedier and more accurate searches. The two appearing in unison is irritating and a waste of time. I get the impression that IT and cyber security suddenly are more important than the whole security field itself and are thus getting too much exposure.

Robert Zannet | February 21, 2013 5:35 pm

One of my personal favorites has been the blog over at Solera Networks. You can go there directly at soleranetworks.com/blogs/

TomR | June 17, 2013 4:04 pm

Safegadget.com is good for end users looking for how to secure your computer, smartphone, etc.

http://www.safegadget.com

George | June 24, 2013 3:52 pm

Check out Shred-It’s information security blog, it’s very insightful for fellow business owners. http://www.shredit.com

Chaz Elban | November 12, 2013 9:06 am

This is a great security blog list- thanks for sharing this, I will definitely need to check this out! :)

Al Jones | November 19, 2013 6:17 am

Great info thanks

PCSS

Liora | November 27, 2013 10:19 am

Also be sure to check out http://www.seculert.com/blog/ for the latest in industry news, educational articles, and results from our Research Lab.

Andrew | December 8, 2013 1:59 pm

Just discovered a site called https://bugcrowd.com/. Anyone who enjoys pen testing can sign up as a security tester for startups. Pretty Cool.

Michael Belk | December 22, 2013 9:23 pm

This is a great list of security blogs. I plan to check them out individually.

Thanks

Stuart Barker | January 16, 2014 8:34 am

Still a relevant list but some of the blogs are not maintained as well as others with some having quite out of date content. Thanks for posting though.

brian | May 12, 2014 1:05 pm

Great list, naked security should definitely be at the top in my opinion. One addition I’d recommend specifically related to security compliance is the blog by BlackStratus (formerly Net Forensics) which can be found here: http://www.blackstratus.com/blog/

Cheers!

Andrew | July 30, 2014 11:12 am

I am a regular visitor of F-secure news and naked security blog.I guess your list may include http://securitywing.com, which has a lots useful how-to type articles about information security.

DERRICK JAMES | August 23, 2014 12:48 am

Thanks for the post….security is indeed a concern and these sites are certainly useful

Please Post Your Comments & Reviews

Your email address will not be published. Required fields are marked *

*

RSS feed for comments on this post