[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Re: Anyone know IBM's security address? + Google Hack

To: "Aaron Gray" <angray@xxxxxxxx>
Subject: Re: [Full-Disclosure] Re: Anyone know IBM's security address? + Google Hack
From: Florian Weimer <fw@xxxxxxxxxxxxx>
Date: Mon, 09 Aug 2004 18:36:58 +0200

* Aaron Gray:

> It turns out I was going about the process of vulnerability
> notification all wrong. I should have gone to the United States
> Computer Emergency Readiness Team to report them.
> The US-CERT home page provides an email address cert@xxxxxxxx for
> reporting vulnerabilities. If you use it, you will receive more
> detailed instructions on how to complete this form.

Before submitting *anything* to CERT/CC, be sure to review their
information sharing policies.  Last time I checked, their documented
policy was to share _everything_ with paying customers unless you
explicitly requested that information is dealt with on a need-to-know
basis.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- Re: [Full-Disclosure] Re: Anyone know IBM's security address? + Google Hack
  - From: Aaron Gray

Prev by Date: RE: [Full-Disclosure] WEP utilities
Next by Date: [Full-Disclosure] iDEFENSE Security Advisory 08.09.04: AOL Instant Messenger aim:goaway URI Handler Buffer Overflow Vulnerability
Previous by thread: Re: [Full-Disclosure] Re: Anyone know IBM's security address? + Google Hack
Next by thread: Re: [Full-Disclosure] Re: Anyone know IBM's security address? + Google Hack
Index(es):
- Date
- Thread