| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070506.eea1cc4d75d8d913c1ae7bab7815d548@cynops.de>
Date: Sun, 6 May 2007 22:18:08 +0200
From: Alexander Klink <a.klink@...ops.de>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Vulnerabilities Hashes DB needed
Hi,
On Sun, May 06, 2007 at 05:45:45PM +0200, shadown wrote:
> 2- There are some vendors that are really dificult to deal with. It took me
> about 4 months to get the right contact to report the bugs, and this would
> be another think to think about, A public 'Vendor's Vulnerability Reporting
> Contact DB/List'.
That would definitely be helpful, the situation sounds familiar ...
> The main mailling list should create a 'Vulnerabilities Hashes mailing list'
> where the researches comunity can send the hashes of the PoC files just
> before they conctact the vendors. That way if the vendors do not give the
> proper credits to the researchers, at least the researches will have another
> proof to show that they were the ones that reported the vulnerabilities, and
> not just the mails they've crossed with the vendors.
You should have a look at the (free) PGP Digital Timestamping Service
at http://www.itconsult.co.uk/stamper/stampinf.htm. No need to reinvent
the wheel there, it's been alive for about 12 years now and will
timestamp and PGP sign anything you send it, including hashes.
HTH,
Alex
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists