  • A National Database of Vulnerabilities

    NIST has opened up a National Vulnerability Database, also available as an XML feed.  I love the fact that all of the available info will be in one place, although I do fear that it will re-open the "what's more secure" arguments that have been running for several years.

    Link: http://nvd.nist.gov

    Story:  http://www.fcw.com/article89911-08-15-05-Print

  • First go for people with no armor; then look for chinks in the armor

    If researchers are pointing out the issues, the bad guys will not be far behind.  Start checking to make sure that your AV software is up to date!

    Link.

  • Microsoft buys email managed-services company

    Link. Microsoft Q&A.

    They provide email customers with security and compliance services (retention, etc.).  As IT environments get more complex there are more opportunities for providing this type of service for part of the infrastructure.  This is somewhat in contrast to the old approach of outsourcing everything.

  • Patch Tuesday becomes popular

    Despite the slings and arrows that we endured originally when we came up with Patch Tuesday, it looks like this is gaining momentum.  This article from eWeek talks about other companies starting to release patches on Tuesday as well.  Of course there is always a dissenting opinion.

    Now if only we could come up with a single auto-update mechanism that supported multiple vendors -- but that is a hairy legal as well as practical issue.

  • Oh great -- now spyware is disguised as antispyware!

    This is classic -- you get infected with spyware that masquerades as antispyware.  It pops up an alert that you're infected, and directs you to a web site to buy a licensed version of a disinfection program.  InformationWeek called it "ransom-ware" and I tend to agree.