I'm building a security vulnerability alerts service (details below), to use myself, and I'll make it available to others too. It's for server- and client-side (incl. JavaScript) vulnerabilities, and for vulnerabilities in dev/ops' operating systems and tools (e.g. IntelliJ, Chrome).
Which vulnerability feeds would you recommend that I monitor, to get to know about "all" vulnerabilities and exploits?
I've found these feeds:
1) https://nvd.nist.gov/download.cfm#RSS (a "National Vulnerability Database" feed, which I found via https://cve.mitre.org/cve/data_updates.html)
2) https://snyk.io/vuln/ (I'll need to find out / ask if their license allows my intended usage)
(then there's https://nodesecurity.io but they don't seem to have any data feed)
Is there any point in monitoring mailing lists like Bugtraq and the NVD feed mentioned above? Or are all important vulnerabilities posted in Bugtraq also included in the NVD database?
(Details: The point of this service is: "Security vulnerability alerts. For the software and services you use — instead of everything in the whole world." You can read more here: https://www.exploits.social/ — feedback about the idea is welcome, as is a pointer if you happen to know that what I'm building already exists. I know about: http://security.stackexchange.com/questions/25557/how-to-subscribe-to-information-about-new-vulnerabilities-in-selected-products — but the answers mention either hard-to-use things and/or rather expensive things. For example, the top answer suggests subscribing to one "product" / "vendor" at a time, here: http://www.cvedetails.com/product-list.php — but the user experience at that site isn't the best. And the 2nd answer is a commercial product, which seems expensive, because apparently I need to contact the company and ask for a quote.)
(I asked on Reddit 20 days ago, https://www.reddit.com/r/security/comments/4wun43/which_vulnerability_feeds_should_i_monitor_for_a/, and got some helpful replies, but about other things.)
Best regards, KajMagnus