lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue Mar 21 19:50:46 2006
From: coley at mitre.org (Steven M. Christey)
Subject: Red Hat security engineer lists sources of
	vulnerabilities


Mark Cox of Red Hat has published a blog entry that identifies how
they learned about vulnerabilities in their products:

  http://www.awe.com/mark/blog/security/200603211056.html

Note his disclaimer that "we only list the first place we found out
about an issue, and for already-public issues this may be arbitrary."
Due to the nature of the data collection, it can't be determined how
much they were notified by researchers who went through other channels
such as vendor-sec.  Still, it's an interesting breakdown, and it
would be nice to see how other vendors learn of issues.

- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ