Date: Sun, 27 May 2012 19:41:42 -0400
From: Thomas Richards <g13net@...il.com>
To: noloader@...il.com, MustLive <mustlive@...security.com.ua>, full-disclosure@...ts.grok.org.uk
Subject: Re: About IBM

Submitting to something like ZDI or Secunia may help in these cases.

On 5/27/12, Jeffrey Walton <noloader@...il.com> wrote:
> On Sun, May 27, 2012 at 4:51 PM, MustLive <mustlive@...security.com.ua>
> wrote:
>> Hello guys!
>>
>> I have a question for you about IBM. Does anybody has successfully
>> contacted
>> them, when they officially answered and fixed vulnerabilities in their
>> software, since Leandro Meiners (since 2005)?
> The question that comes to mind (for me) is what email address(es) did you
> use?
>
> Per RFC 2142, MAILBOX NAMES FOR COMMON SERVICES, ROLES AND FUNCTIONS
> (http://www.ietf.org/rfc/rfc2142.txt), security@....com should be
> monitored. I also suggest secure@....com since Microsoft made it
> somewhat popular (MS was using it around the time the RFC was
> published). There are a few others from the RFC I would use, including
> support, abuse, and noc. For web specific problems, www and hostmaster
> would be included.
>
> Additionally, the administrative and technical contacts for IBM can be
> found in any WHOIS database.
>
> I discourage folks from using a web submittal forms since using the
> website can be encumbered with legal terms. I even recall a site (the
> name escapes me) that binds you to a non-disclosure when you use their
> web portal to submit a bug.
>
> Jeff
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

--
Sent from my mobile device

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/