There are a vast number of web sites and mailing lists dedicated to security issues. Here are some other sources of security information:
Securityfocus.com has a wealth of general security-related news and information, and hosts a number of security-related mailing lists. See their website for information on how to subscribe and view their archives. A few of the most relevant mailing lists on SecurityFocus are:
The “Bugtraq” mailing list is, as noted above, a “full disclosure moderated mailing list for the detailed discussion and announcement of computer security vulnerabilities: what they are, how to exploit them, and how to fix them.”
The “secprog” mailing list is a moderated mailing list for the discussion of secure software development methodologies and techniques. I specifically monitor this list, and I coordinate with its moderator to ensure that resolutions reached in SECPROG (if I agree with them) are incorporated into this document.
The “vuln-dev” mailing list discusses potential or undeveloped holes.
IBM’s “developerWorks: Security” has a library of interesting articles. You can learn more from http://www.ibm.com/developer/security.
For Linux-specific security information, a good source is LinuxSecurity.com. If you’re interested in auditing Linux code, places to see include the Linux Security-Audit Project FAQ and Linux Kernel Auditing Project are dedicated to auditing Linux code for security issues.