lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAH8yC8=sz8kWEwFrQO_knuA-kfN26FhiG-z9beYwnnEohZrXAA@mail.gmail.com> Date: Sun, 27 May 2012 19:12:12 -0400 From: Jeffrey Walton <noloader@...il.com> To: MustLive <mustlive@...security.com.ua> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: About IBM On Sun, May 27, 2012 at 4:51 PM, MustLive <mustlive@...security.com.ua> wrote: > Hello guys! > > I have a question for you about IBM. Does anybody has successfully contacted > them, when they officially answered and fixed vulnerabilities in their > software, since Leandro Meiners (since 2005)? The question that comes to mind (for me) is what email address(es) did you use? Per RFC 2142, MAILBOX NAMES FOR COMMON SERVICES, ROLES AND FUNCTIONS (http://www.ietf.org/rfc/rfc2142.txt), security@....com should be monitored. I also suggest secure@....com since Microsoft made it somewhat popular (MS was using it around the time the RFC was published). There are a few others from the RFC I would use, including support, abuse, and noc. For web specific problems, www and hostmaster would be included. Additionally, the administrative and technical contacts for IBM can be found in any WHOIS database. I discourage folks from using a web submittal forms since using the website can be encumbered with legal terms. I even recall a site (the name escapes me) that binds you to a non-disclosure when you use their web portal to submit a bug. Jeff _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists