There are literally thousands of web pages with pointers to other information. Some pages are comprehensive, and others are fairly narrow in focus. The ones we list here provide a good starting point for any browsing you might do. You will find most of the other useful directories linked into one or more of these pages, and you can then build your own set of bookmarks.
The staff of the CIAC keep a good archive of tools and documents available on their site. This archive includes copies of their notes and advisories, and some locally developed software:
CERIAS (Center for Education and Research in Information Assurance and Security), the successor to COAST (Computer Operations, Audit, and Security Technology) is an interdisciplinary center in information security research and education at Purdue University. It functions with close ties to researchers and engineers in major companies and government agencies. CERIAS focuses on real-world research needs and limitations.
From a purely historical perspective, this represents what may be the oldest and longest-running Internet archive of security tools and reference materials. Created in 1989 as an FTP-only site, the archive started as a collection of anti-virus tools and gradually expanded to include scanners, firewalls, and documents of all kinds. The site transitioned through gopher and web servers, and from a personal archive (Spafford's) to the COAST Laboratory archive, to the current CERIAS archive. For its first decade the site was generally believed to be the largest archive of security material on the Internet.
Over the last few years, the archive and hotlist have diverged somewhat, and fewer items are currently stored there than before. (Many of the commercial sites have resources to pay a staff to maintain more comprehensive archives.) Nonetheless, the current archive contains many items of historical interest, a large collection of useful tools and documents (including items not carried elsewhere), and items that are produced by CERIAS and CERIAS partners. There are also extensive lists of pointers to organizations and resources.
The FIRST (Forum of Incident Response and Security Teams) Secretariat maintains a large archive of material, including pointers to web pages for other FIRST teams:
The National Institute of Standards and Technology's Computer Security Division maintains a comprehensive archive of documents and tools. This is a trusted, useful site for documentation, standards, and software.
Home of the nmap port-scanning tool, the Insecure.org web site links to archives of many important mailing lists and other security information:
The web site's index page at NIH provides a large set of pointers to internal collections and other archives: