Good morning, I'm writing up a patch management policy. In the policy I'd like to add requirements for obtaining security alerts. We are currently signed up for Sun's Security weekly notification. Are there any other reports that we should be looking at (organizations that email (etc.) alerts whether periodically or as discovered). Many thanks, Joan