Post all unhead reports PUBLICALLY (e.g here)! When everyone has head
everything, someone will do something ....
On Friday 06 August 2004 23:42, Jedi/Sector One wrote:
On Fri, Aug 06, 2004 at 05:11:19PM -0400, Michael Scheidell wrote:
Have a vulnerability in an IBM product.
sent alert to security@xxxxxxx secure@xxxxxxx and cert@xxxxxxx, all three
bounced. Can anyone tell me the official address or procedure to notify
IBM?
For AIX-releated flaws, the contact is security-alert@xxxxxxxxxxxxxx
For other products... good luck. I also have a vulnerability in an IBM
product but I wasn't able to get in touch with anyone.
Online forms told me to call a number that is unreachable outside USA.
The AIX security officer told me he would find the right contact but I
never got anything else since.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html