Hi hawg,
subscribing to MS security alerts is a starting point I also use. Further I keep my eyes open while joining forums like this one. There are also mailinglist from websites like http://www.securityfocus.com or alike. This has proven to work fine, but I doubt you can write this down in some kind of company security guidelines
Cheers,
Frank
--
Frank Kalis
Microsoft SQL Server MVP
Webmaster: http://www.insidesql.org/blogs
My blog: http://www.insidesql.org/blogs/frankkalis/[/url]