Private
Anser.Org Research Institute
Anser is a non-profit public service research institute dedicated to enhance public awareness, communication, and education for the science and technology workforce.
Astalavista
good links to the underground.
AT&T Labs Research
A full-text resource for advanced technology research from 1996-present.
Attrition.org
one of the largest catalogs of security advisories
BITS
BITS is a nonprofit industry consortium of the 100 largest financial institutions in the United States focused on issues related to e-commerce, payments and emerging technologies.
CGI Security
CGI Security.com is dedicated to web application security.
CIS
provides methods and tools to improve, measure, monitor, and compare the security status of your Internet-connected systems and appliances, plus those of your business partners.
CSI
Computer Security Institute (CSI) is the world's leading membership organization specifically dedicated to serving and training the information, computer and network security professional.
Counterpane Internet Security
Managed Security Monitoring.
Encyclopedia of Computer Security
A free security resource site for the IT industry covering the latest warnings, product news, and white papers.
Global Grid Forum
The Global Grid Forum (GGF) is a community-initiated forum of individual researchers and practitioners working on distributed computing, or "grid" technologies.
GnuPG
Privacy Handbook
This handbook covers the core functionality and all aspects of GnuPG. GnuPG uses public-key cryptography so that users may communicate securely.
GovernmentSecurity.org
security related website that proclaims Library Status - organization follows the motto: Know thy Enemy...
HP Labs
HP Labs is one of the world's largestindustrial research laboratories.
IATFF
- Information Assurance Technical Framework Forum
IBM Research
good real world case studies
ISF
Information Security Forum
The ISF Standard of Good Practice for Information Security is designed to help any organization, irrespective of market sector, size or structure, keep the risks associated with its information systems within acceptable limits. Download the PDF standard from http://www.isfsecuritystandard.com.
Information Security Research Center
SecureStandard.com has compiled a list of security related documents from an array of sources with a good selection of Security Policies.
ISACA
ISACA sponsors international conferences, administers the CISA® (Certified Information Systems Auditor™) designation and develops globally applicable information systems (IS) auditing and control standards.
(ISC)2
International Information Systems Security Certifications Consortium,
ISECOM
The Institute for Security and Open Methodologies (ISECOM) is a non-profit, international, research initiative dedicated to defining standards in security testing and business integrity testing
ISSA
not-for-profit international organization of information security professionals and practitioners.
Java Security
Java security architecture, standards-based and interoperable. Security features -- cryptography, authentication and authorization, public key infrastructure
mi2g
Security Architecture
Microsoft Research Publications
available with text search, a resource of technology research.
Neohapsis Archives
consultants in the world of network and security consulting.
NetIQ
Manageability, Windows 2000 Migration, Exchange Migration, Security Monitoring and Management, Network Performance Management, Storage Administration, Automated Provisioning, Directory Management, and Web Analytics
Netsecurity.org
a good database of articles
Netstumbler
wireless networking technology and security of all kinds.
Network Security Library
hundreds of articles, FAQs, white papers and books on network security
NTSecurity.com
portal for NT Security.
OWASP
The Open Web Application Security Project (OWASP) is about the security of web applications and web services and is rapidly becoming a de facto standard.
Razor BindView Security Researchers
BindView's RAZOR is a worldwide team of cutting-edge security researchers.
SANS
Ruthlessly commercial but great information security related training
SANS Security Policy Project
policy templates for security requirements.
Secure Coding
on-line home of Secure Coding: Principles and Practices book
SecureInfo
security policy development, information assurance, risk management and enterprise level security.
Security Focus
enterprise security threat management systems, alerts of impending cyber attacks also licenses the world's largest, vulnerability database and hosts the security community mailing list, Bugtraq
SecurityForums
a friendly community for security and other areas, for asking questions, gaining experience and learning
Security Protocols
meant to be a site for hackers by hackers.
SOMAP.org
Security Officers Management and Analysis Project (SOMAP.org) - management and analysis concerning policies, procedures, standards and documentation
SpyDynamics.com
Enterprise Security for Web Applications - security throughout the application lifecycle – from development to post-production.
Sun Microsystems Research Lab
web technologies, and Java[tm] technologies, are the best.
TISC
The Internet Security Conference Security Resources & Links maintains a collection of security resources and links compiled by their advisory staff and readers.
W3C
The World Wide Web Consortium (W3C) develops interoperable technologies (specifications, guidelines, software, and tools) for the world wide web.
WASC
a group of top security experts dedicated to developing and promoting standards of best practice for the World Wide Web.
Whitehats.com
network security. Whitehats.com offers free software and community support with a policy of full-disclosure and user education.
WindowsSecurity.com
Windows security news, articles, tutorials, software listings and reviews covering topics such as firewalls, viruses, intrusion detection and other security.
zone-h.org
IT security news and statistics
CERT Coordination Center
The CERT Coordination Center (CERT/CC) is a center of Internet security, at the Software Engineering Institute operated by Carnegie Mellon University.
CMU
Carnegie Mellon
The National Security Agency designated Carnegie Mellon University (CMU) as a Center of Academic Excellence in Information Assurance Education.
GASSP
Generally Accepted System Security Principles (GASSP).
ISG
Royal Holloway, University of London
The Information Security Group (ISG) at Royal Holloway is an interdisciplinary research group comprised of computer scientists and mathematicians.
NCSTRL
at the Massachusetts Institute of Technology
an international collection of computer science technical reports from departments, industrial and government research laboratories, made available for non-commercial and educational use.
Common Criteria
IS15408
In June 1993, the sponsoring organizations of the existing US, Canadian, and European criterias started the CC Project to align their separate criteria into a single set of IT security criteria.
CRN
The Comprehensive Risk Analysis and Management Network (CRN) provides information covering the full range of risks and vulnerabilities. The project is supported by the Swiss Government as an official part of Switzerland's participation in Partnership for Peace (PfP).
CSRC
Computer Security Resource Center is one of eight divisions within NIST grouped into five major categories: Cryptographic Standards, Security Testing, Security Research and Emerging Technologies, Security Management and Guidance, Outreach, Awareness and Education.
NIST
Computer Security Resource Center.
Rainbow Series Library
Common Criteria (CC) replaces the Rainbow Series, it is still referenced in some security domains.