lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 9 Jan 2007 01:02:15 -0500 From: "Stan Bubrouski" <stan.bubrouski@...il.com> To: Nicob <nicob@...ob.net> Cc: Bugtraq <bugtraq@...urityfocus.com> Subject: Re: SAP Security Contact In all fairness here, many companies have canned responses to security@...tever and may never actually respond to a sender even if action is being taken. Looking for an actual person to assure something has been recognized as a vulnerability and will be patched is not unreasonable. -sb On 1/6/07, Nicob <nicob@...ob.net> wrote: > Le vendredi 05 janvier 2007, Thor (Hammer of God) a écrit : > > > Something like security@....com may seem obvious, but it's better if you > > list specific contact info so it can be easily found. > > I don't want to be rude but : > - security@...ain.tld is the only standardized security contact (as > defined by RFC 2142) > - googling security@....com would bring some results > - this was already answered on the Full-Disclosure mailing list > - the OSVDB Vendor Dictionary contains a record for SAP > - even the SecurityFocus site has some references to this email > address : http://www.securityfocus.com/columnists/415 > > > Nicob > >
Powered by blists - more mailing lists