How do you track security vulnerabilities? Do you rely on mailing lists or news articles for security vulnerabilities? Please share....