Veracode’s nomination for “Best Corporate Security Blog” at the 2012 Social Security Bloggers Awards got the Veracode Marketing team thinking about the other great information security blogs we follow. The Marketing team thought it would be fun to compile a list of what we think are the best 20 information security blogs. We used a very scientific process to compile this list. Inputs included: quality of blog content (from both a technical and an entertainment standpoint), level of authority of contributors, frequency of updates, overall appearance and our own subjectivity :) All the team members weighed in, and after some serious debating, we settled on the following list (in no particular order).

Fortinet Security Blog

Naked Security Blog

Cognitive Dissidents Blog with Joshua Corman

The New School of Information Security Blog

Dark Reading Blog

Securosis Blog

Krebs on Security with Brian Krebs

Thought Crime Blog with Moxie Marlinspike

Schneier on Security with Bruce Schneier

Root Labs RDIST with Nate Lawson

Threatpost Blog

Zero Day Blog with Ryan Naraine and Dancho Danchev

Rational Survivability Blog with Christofer Hoff

Securelist Blog

TaoSecurity with Richard Bejtlich

F-Secure News from the Lab Blog

Andrew Hay Blog

Uncommon Sense Security Blog with Jack Daniel

Network Security Blog with Martin McKeay

SANS AppSec Blog with Frank Kim

Additionally, I would like to give a nod to the folks at the Security Bistro Blog. Their blog is too young for this list (having just launched in January 2012) but is off to an excellent start, featuring good commentary from a mix of reputable authors. So there you have it. As usual I encourage people to weigh in on our picks and offer suggestions of their own.

Niru Raghavan joined the Veracode team in late 2011 as an Acquisition Marketing Manager. In this role, Niru is responsible for demand generation and program management primarily for online marketing programs. Prior to joining Veracode, Niru held positions of increasing responsibility at Liberty Mutual and Staples, successfully planning and implementing sophisticated online and offline marketing initiatives. She has managed product development efforts, launch activities and online marketing programs geared toward mid- to large-sized businesses in select vertical markets. Her specialties include product marketing, marketing strategy, and market research/analysis. She is also a keen web analytics enthusiast and Occam’s Razor by Avinash Kaushik is her all-time favorite blog.

Comments (30)

Blake | February 28, 2012 2:18 pm

Thanks! Picked up a few new feeds for my reader subscriptions.

hackplayers | February 28, 2012 6:25 pm

Nice list!
you can also find more blogs in, although we've to update our compilation...

Jeff K. | March 9, 2012 4:47 pm

There is also "Hagai Bar-El on Security" at Not too frequent posts, but usually sensible analysis and no time-wasters.

Mike K | September 21, 2012 10:08 am

ZDNet's Zero Day blog is pretty much an essential element in any penetration tester's RSS feed. Some other nice ones in that list such as the 'Uncommon Sense Security Blog' I'll be keeping an eye on too!

Anthony G | November 4, 2012 8:17 pm

For my Google Reader I use: CSO, NetworkWorld, Slashdot, SANS ISC

wufoo | December 3, 2012 6:21 pm

Add to that list

Cindy | December 12, 2012 2:31 pm

Another blog where we aim to provide relevant security content The State of Security

Roger Blair | December 17, 2012 8:50 am

Another good information security blog is Security Spotlight.

wolf | February 20, 2013 8:23 am

Why is there no clear distinction between "security" and "IT & web/cyber security" when searching for security issues and subjects on the web? If you try use the web to do some research, gather important info & references or want to read up on the subject, they always appear together! In my mind this is so wrong! "IT and cyber security" form only a part of the entire security field. I strongly feel there should be a clear separation between the two (each security sector should be in its own category under the security umbrella) to allow speedier and more accurate searches. The two appearing in unison is irritating and a waste of time. I get the impression that IT and cyber security suddenly are more important than the whole security field itself and are thus getting too much exposure.

Robert Zannet | February 21, 2013 5:35 pm

One of my personal favorites has been the blog over at Solera Networks. You can go there directly at

Marlin Ralfen | March 6, 2013 9:22 am

Another good one in German:

Marlin Ralfen | March 6, 2013 9:23 am

My fault:

jspring | May 10, 2013 10:40 pm

Have you looked at ?

alex | May 31, 2013 4:01 am

This is hub security systems:

TomR | June 17, 2013 4:04 pm

is good for end users looking for how to secure your computer, smartphone, etc.

George | June 24, 2013 3:52 pm

Check out Shred-It's information security blog, it's very insightful for fellow business owners.

Meeru | July 20, 2013 3:09 am

Another Security Blog!!!

Chubbs Locksmith | October 22, 2013 4:40 am

Also try (uk security blog) really good daily read.

Simon | November 1, 2013 5:04 am

Good list. For independent comment and analysis, specifically on identity and access management is worth looking at.

Chaz Elban | November 12, 2013 9:06 am

This is a great security blog list- thanks for sharing this, I will definitely need to check this out! :)

Al Jones | November 19, 2013 6:17 am

Great info thanks


Liora | November 27, 2013 10:19 am

Also be sure to check out for the latest in industry news, educational articles, and results from our Research Lab.

Andrew | December 8, 2013 1:59 pm

Just discovered a site called Anyone who enjoys pen testing can sign up as a security tester for startups. Pretty Cool.

Michael Belk | December 22, 2013 9:23 pm

This is a great list of security blogs. I plan to check them out individually.


Stuart Barker | January 16, 2014 8:34 am

Still a relevant list but some of the blogs are not maintained as well as others with some having quite out of date content. Thanks for posting though.

DERRICK JAMES | August 23, 2014 12:48 am

Thanks for the is indeed a concern and these sites are certainly useful

Andrew | July 30, 2014 11:12 am

I am a regular visitor of F-secure news and naked security blog. I guess your list may include, which has lots of useful how-to type articles about information security.

brian | May 12, 2014 1:05 pm

Great list, naked security should definitely be at the top in my opinion. One addition I'd recommend specifically related to security compliance is the blog by BlackStratus (formerly Net Forensics) which can be found here:


Eli | April 3, 2016 5:23 am

You should definitely add OffSec's blog:

Bob Rampart | October 26, 2016 5:36 pm

Cisco's Threat Research and Intelligence team has been putting out some great content:
