Sun's security mailing lists

[morgan () engr uky edu (Wes Morgan)]

I notice that others are already posting the Sun announcements to
this list; for those of you who have expressed interest in securing
your own email subscription, here's the relevant info:

[ Note: this info was accurate at the time I subscribed - August 1993. ]

--Wes

 ---------------------------------------------                 Customer Warning System (CWS)
 ---------------------------------------------      Announcing Sun Microsystem's Customer Warning System
                 for Security Incident Handling

In order to best serve our customers' service needs, Sun has
established a Customer Warning System (CWS) for handling security
incidents.  This is a formal process which includes:

        - Having a well advertised point of contact in Sun for reporting
          security problems.

        - Pro-actively alerting customers of worms, viruses or other security
          holes that could affect their systems.

        - Distributing the patch (and/or work-around) to our customers as
          quickly as possible.

More specifically, the CWS is being set up as follows:

We have created an email address ( security-alert@sun ) which will enable
both internal and external people to have a single place to report security
problems.  We have provided a voice-mail back-up ( 415-688-9081) for the
cases where sending email is not possible.   *ALL* SECURITY HOLES SHOULD BE
REPORTED TO THIS ALIAS.

We have filled the position of "Security Coordinator" in our Customer
Service Organization.  The Security Coordinator is responsible for
manning the email and voice mail hotlines and evaluating the security
problems.   We have a Customer Warning System "SWAT Team" in place to
address severe security incidents.  The CWS SWAT Team consists of
knowledgeable senior people within Sun Corporate who are committed to
being available to meet whenever required and who are empowered to make
all necessary decisions.

We plan on publicizing the CWS bi-monthly to internal Sun aliases (to
encourage Sun Field personnel to tell their customers about this
service).  CWS will also be announced (and supported) by the various
Computer Emergency Response Teams Sun that works with.  Please pass
this information along to whoever you feel is appropriate.  Sales
Representatives should be certain to send this information to all their
security-conscious customers!

Customers and Sun Field Offices may send us a "Security Contact" from their
organizations.  This is the person Sun should contact in the case of any
new security problems.  He or she will be sent information on the problem at
hand, including work-arounds and how and when to obtain fixes.  Preferably,
your Security Contact should be technical.  He or she should be your site's
System Administrator (or System Security Administrator).  The information we
need for the Security Contact from the three geographies for customers is as
follows:

---------------------- U.S. Security Contact Information --------------------

Company Name:
Security Contact's Name:
Customer Number (from Cullinet):
Address ID (from Cullinet)*:

Postal address:
Email address:
Phone number:
Fax number:
Preferred method of contact (from above: 1st, 2nd and 3rd choice):

* If there is not an existing Address ID, we need the full address for
  the security contact.
----------------- Europe and ICON Security Contact Information ---------
--------------- Sun Field Office Security Contact Information ---------------
 ---------------------------------------------*****   PLEASE SEND THIS INFORMATION TO:   *****

          security-alert () sun com

or, if you prefer postal mail:

        Brad Powell
        c/o Sun Microsystems
        MTV18-04
        2550 Garcia Ave.
        Mt. View, CA 94043

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
From: bradpowell () Corp Sun COM (Brad Powell CTE ,OSSC)

As of October 12, 1990 the Sun Customer Warning System phone number will
be changed. The NEW CWS phone number is: 415-688-9081. This phone will
have a voice-mail backup for cases where sending email is not possible.

The email address security-alert () sun com the preferred means of contact to
report security problems, HAS NOT been changed.

 GENERAL INFORMATION

 Here are some guidelines for this service. Please note that this is a one-way
 notification system and is intended to notify you, the members of this list
 in the event of a security related incident and/or of potential security
 problems in SunOS. Use of this mail list is restricted to a few select Sun
 employees with the charter of security. Cross posting or responding to this
 mail listing will not supported. Please see below for additional information on
 services.
  Some Sun notifications may not affect your site, as some problems may be
 due to configuration or Sun hardware platform's that you may not currently
 have. It is requested you save the notifications in a safe place for future
 reference in the event you someday purchase different Sun equipment.

 Security contact mailing list is intended as a Customer Warning System, in
 the event of system security problems in SunOS or security in Sun equipment
 in general. It is not intended for posting questions or problems with Sun
 hardware or software.

What you will receive via this mail list:

  Sun will be posting information about current problems in SunOS or in
 Sun equipment. We will not be posting any detailed information on how
 a break-in happened or how to reproduce. We will be reporting, in the
 event of a problem, the fact that there may be a potential security
 problem and ways of guarding your site against the threat, work-arounds,
 and information on how to obtain a patch in the event one is required.

GUIDELINES:

 Please use the security-alert () sun com alias for posting
 bugs, either hardware or software, that are related to system security.

 Contact your local Sun Answer Center for reporting problems that are not
 security related.

 Breakdown of who to call when:

 1. Your local answer center for questions or to report problems in Sun hardware
    or Sun software in general. Or use the sunbugs () sun com alias.

 2. security-features () sun com - security product info, etc.  you can email
    to this alias to ask security questions or to get on the mailing list.

 3. security-alert () sun com - to report security holes (see Customer Warning
    System announcement for further details.) If electronic mail is not
    available or desired due to a security breech, phone (415) 336-7205
    to get a pre-recorded message and answering service.

 4. government-security () sun com - product information on SunOS MLS
    and contact information specifically related to Sun government
    products.