A service similar to the CERT security alert service, which
sends out emails about recently found security problems. Its
creation was partially inspired by CERT's announcement that it
would charge $2,500 to $75,000 a year subscription fee (depending
on the size of the subscribing organization) for timely security
alert information; non-subscribers would get the information 45
days after the subscribers. Not only is this a lot of money, but
many people found that CERT alerts were released well after a
vulnerability became known; for instance, they would often
release an advisory 60 days after the vulnerability had shown up
on BugTraq. Adding another 45 days would make the free service
virtually useless. Thus VulnWatch was born.
VulnWatch is a free, alert/vulnerability only, no-discussion
mailing list moderated by a group of volunteers; it currently only
handles non-Windows security alerts.
Their website is at http://www.vulnwatch.org/