[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <87vffsl13p.fsf@deneb.enyo.de>
From: fw at deneb.enyo.de (Florian Weimer)
Subject: Re: Anyone know IBM's security address? +
Google Hack
* Aaron Gray:
> It turns out I was going about the process of vulnerability
> notification all wrong. I should have gone to the United States
> Computer Emergency Readiness Team to report them.
> The US-CERT home page provides an email address cert@...t.org for
> reporting vulnerabilities. If you use it, you will receive more
> detailed instructions on how to complete this form.
Before submitting *anything* to CERT/CC, be sure to review their
information sharing policies. Last time I checked, their documented
policy was to share _everything_ with paying customers unless you
explicitly requested that information is dealt with on a need-to-know
basis.
Powered by blists - more mailing lists