I’m having trouble staying on top of updates for my self hosted applications and infrastructure. Not everything has auto updates baked in and some things you may not want to auto update. How do y’all handle this? How do you keep track of vulnerabilities? Are there e.g. feeds for specific applications I can subscribe to via RSS or email?
My NAS is behind a firewall and doesn’t normally run the types of things you would compromise. (no web browser). They need to break many things at the same time to compromise it. I’m not saying it would be impossible to compromise my NAS, but is is very unlikely just because of how difficult it is. If I’m target of a state level attack I’m sunk anyway.
though offline backups are always a good idea. However they by definition need several days to restore (if they take less than that they are too easy for an attacker to target)