lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 6 Jan 2007 18:00:05 +0100
From: Ansgar -59cobalt- Wiechers <bugtraq@...netcobalt.net>
To: Bugtraq <bugtraq@...urityfocus.com>
Subject: Re: SAP Security Contact

Thor,

On 2007-01-05 Thor (Hammer of God) wrote:
> You guys might want to put that on your web site.  Probably somewhere
> under "Contact Us" so that it is easy to, um, contact you specifically
> for security issues.
[...]
> Something like security@....com may seem obvious, but it's better if
> you list specific contact info so it can be easily found.

security@ is one of the role mailboxes specified by RFC 2142, so it
really *is* that obvious. However, I agree that despite of this it would
be better practice to put the address on the web site. Even more since
proper use of role mailboxes seems to have become the exception rather
than the rule nowadays.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

Powered by blists - more mailing lists