lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <6.2.3.4.0.20060103233619.05095550@pop.theworld.com>
Date: Wed Jan  4 07:09:55 2006
From: vin at theworld.com (Vin McLellan)
Subject: RSA Security's Contact Point for Vulnerability
	Reports 

Tidying up year end business, I recently realized that last summer I 
had promised the readers of Full Disclosure an update on RSA 
Security's review of their procedures for accepting bug and 
vulnerability reports from independent researchers who are neither 
RSA customers nor RSA distributors.

I could have redeemed my word -- months ago -- with a pointer to the 
RSA website, where the company established a clearly designated 
contact point for *anyone* who wishes to submit information about 
security issues in RSA's commercial 
products.  See:  <http://www.rsasecurity.com/node.asp?id=2928>.

I've been a consultant to RSA for many years. I apologize to the List 
for being so tardy in my promised follow up.  While I hope RSA's new 
channel for vulnerability reports will be seldom needed,  I trust 
those who do use it will find this vendor responsive and appreciative.

Happy New Year from Boston,

_Vin

------------------------------------------------------------
    Vin McLellan + The Privacy Guild + 
<<mailto:vin@...world.com>vin@...world.com>
          22 Beacon St., Chelsea, MA 02150-2672 USA

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ