Message-ID: <C1C41390.91E3%thor@hammerofgod.com>
Date: Fri, 05 Jan 2007 14:39:12 -0800
From: "Thor (Hammer of God)" <thor@...merofgod.com>
To: Bugtraq <bugtraq@...urityfocus.com>
Subject: Re: SAP Security Contact


You guys might want to put that on your web site.  Probably somewhere under
"Contact Us" so that it is easy to, um, contact you specifically for
security issues.

Had it been someone other than Mark Litchfield or NGSSoftware who found the
unauthenticated remote vulnerability allowing for arbitrary code execution
in the SYSTEM context, they may very well have become frustrated with the
lack of contact info and the "you must mail this to the office" bit and seen
fit to just publish vulnerability details.

Something like security@....com may seem obvious, but it's better if you
list specific contact info so it can be easily found.

t




On 1/5/07 6:41 AM, "Fritz.Bauspiess@....com" <Fritz.Bauspiess@....com>
spoketh to all:

> The contact email address is <security sap com>. Security issues will then be
> handled by our Security Response Team in direct communication with the
> reporter of the issues.
> 
> Kind regards,
> Fritz Bauspiess, SAP NetWeaver Product Management Security
> 
> 

