Most legitimate cyber security news publishers, such as Security Magazine (http://www.securitymagazine.com) and Government Security News (http://www.gsnmagazine.com/) can be considered a credible source of information. Other sources of information are found with by computer industry trade groups like the Software Engineering Institute (http://www.sei.cmu.edu/), and the Verizon data breach investigations reports (http://www.verizonenterprise.com/DBIR/2013/). Another excellent source of cyber security news is the SANS Institute (http://www.sans.org/newsletters/). However, the source, most recognized as a source of threat, vulnerabilities, updates and security news is the Mitre Corporation (http://www.mitre.org/). This organization is responsible for maintaining the Common Vulnerability Exposure (CVE) listing, a listing of the vulnerabilities associate with products and services. Actually, there are many others out there, just to numerous to list. These are by far the most credible sources of information. The respective organizations are not promoting a product to the everyday commercial consumer. Also, these organizations are staffed and supported by industry professionals and, as such, are subject to peer scrutiny. They are not likely to publish bad information. Commercial computer security suppliers, like Norton (http://us.norton.com/) and McAfee (http://www.mcafeeoffers.com/) are also good sources of information. I secure my home computer using Norton 360 and periodically (about once per month) I get a pop-up notifying me of the latest news. McAfee antivirus software may do this also. A google search for the term “data breach reports” returns a link to the identity theft vendor Lifelock (http://www.lifelock.com/), although the services provided by this supplier may be satisfactory, the web site does not provide any useful information. Other similar products may also provide dubious information. If I find conflicting information, I consider the information source and any possible motivations behind their respective pronouncements. I prefer those organizations/sources who are not attempting to promote a product.