Why?
Mainly, to protect yourself, your company and your customers. If you do not stay up to date on security vulnerabilities, you may be installing equipment with known issues. If you are lucky, your customer will fail a penetration test; if you are less lucky, they will fail a compliance test or maybe get hacked, or both, and usually the first word uttered by the customer is ‘compensation’.
If you do stay up to date, the correct patches can be applied in a timely fashion and everyone, hopefully, stays happy.
Where are these security advisories kept?
On the internet, there are many sites:
Common Vulnerabilities and Exploits - http://cve.mitre.org/
National Vulnerability Database - http://nvd.nist.gov/
BugTraq - http://www.securityfocus.com/
Open Source Vulnerability Database - http://osvdb.org
United States Computer Emergency Readiness Team - http://www.kb.cert.org/vuls/
IBM Internet Security Systems - http://xforce.iss.net/
SANS - http://www.sans.org/
To name but a few. All you have to do is monitor them and sort the wheat from the chaff. In an average week I will receive approximately 1200 notifications, of which, usually, fewer than a dozen will be telecom related.