[PCI DSS 1.x] 6.2 Establish a process to identify newly discovered security vulnerabilities (for example

[PCI-DSS] 6.2 Establish a process to identify newly discovered security vulnerabilities (for example, subscribe to alert services freely available on the Internet). Update configuration standards as required by PCI DSS Requirement 2.2 to address new vulnerability issues.

6.2.a Interview responsible personnel to verify that processes are implemented to identify new security vulnerabilities.

6.2.b Verify that processes to identify new security vulnerabilities include using outside sources for security vulnerability information and updating the system configuration standards reviewed in Requirement 2.2 as new vulnerability issues are found.

What are some recommended lists for meeting part of this requirement?

The exact list you might use is going to be highly specific to your infrastructure, environment, architecture, internal resources, etc. A good starting point might be CERT and SecurityFocus, but by no means is this comprehensive. Both of these places will refer to their own information resources and you should follow those leads. You should also study the sources used by your anti-malware vendors. There is a wealth of information available from multiple sources: web sites, RSS feeds, listservs, and commercial vendors. The point is to do something to stay informed.