maintaining a secure system


testing changes is just as important as initial testing
keep track of security fora
bugtraq
vuln-dev
full-disclosure
vendor lists
do not irc/IM from production machines or networks