Bugtraq mailing list archives
Sun's security mailing lists
From: morgan () engr uky edu (Wes Morgan)
Date: Thu, 16 Dec 93 13:40:51 EST
I notice that others are already posting the Sun announcements to this list; for those of you who have expressed interest in securing your own email subscription, here's the relevant info: [ Note: this info was accurate at the time I subscribed - August 1993. ] --Wes --------------------------------------------- Customer Warning System (CWS) --------------------------------------------- Announcing Sun Microsystem's Customer Warning System for Security Incident Handling In order to best serve our customers' service needs, Sun has established a Customer Warning System (CWS) for handling security incidents. This is a formal process which includes: - Having a well advertised point of contact in Sun for reporting security problems. - Pro-actively alerting customers of worms, viruses or other security holes that could affect their systems. - Distributing the patch (and/or work-around) to our customers as quickly as possible. More specifically, the CWS is being set up as follows: We have created an email address ( security-alert@sun ) which will enable both internal and external people to have a single place to report security problems. We have provided a voice-mail back-up ( 415-688-9081) for the cases where sending email is not possible. *ALL* SECURITY HOLES SHOULD BE REPORTED TO THIS ALIAS. We have filled the position of "Security Coordinator" in our Customer Service Organization. The Security Coordinator is responsible for manning the email and voice mail hotlines and evaluating the security problems. We have a Customer Warning System "SWAT Team" in place to address severe security incidents. The CWS SWAT Team consists of knowledgeable senior people within Sun Corporate who are committed to being available to meet whenever required and who are empowered to make all necessary decisions. We plan on publicizing the CWS bi-monthly to internal Sun aliases (to encourage Sun Field personnel to tell their customers about this service). CWS will also be announced (and supported) by the various Computer Emergency Response Teams Sun that works with. Please pass this information along to whoever you feel is appropriate. Sales Representatives should be certain to send this information to all their security-conscious customers! Customers and Sun Field Offices may send us a "Security Contact" from their organizations. This is the person Sun should contact in the case of any new security problems. He or she will be sent information on the problem at hand, including work-arounds and how and when to obtain fixes. Preferably, your Security Contact should be technical. He or she should be your site's System Administrator (or System Security Administrator). The information we need for the Security Contact from the three geographies for customers is as follows: ---------------------- U.S. Security Contact Information -------------------- Company Name: Security Contact's Name: Customer Number (from Cullinet): Address ID (from Cullinet)*: Postal address: Email address: Phone number: Fax number: Preferred method of contact (from above: 1st, 2nd and 3rd choice): * If there is not an existing Address ID, we need the full address for the security contact. ----------------- Europe and ICON Security Contact Information --------- --------------- Sun Field Office Security Contact Information --------------- ---------------------------------------------***** PLEASE SEND THIS INFORMATION TO: ***** security-alert () sun com or, if you prefer postal mail: Brad Powell c/o Sun Microsystems MTV18-04 2550 Garcia Ave. Mt. View, CA 94043 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From: bradpowell () Corp Sun COM (Brad Powell CTE ,OSSC) As of October 12, 1990 the Sun Customer Warning System phone number will be changed. The NEW CWS phone number is: 415-688-9081. This phone will have a voice-mail backup for cases where sending email is not possible. The email address security-alert () sun com the preferred means of contact to report security problems, HAS NOT been changed. GENERAL INFORMATION Here are some guidelines for this service. Please note that this is a one-way notification system and is intended to notify you, the members of this list in the event of a security related incident and/or of potential security problems in SunOS. Use of this mail list is restricted to a few select Sun employees with the charter of security. Cross posting or responding to this mail listing will not supported. Please see below for additional information on services. Some Sun notifications may not affect your site, as some problems may be due to configuration or Sun hardware platform's that you may not currently have. It is requested you save the notifications in a safe place for future reference in the event you someday purchase different Sun equipment. Security contact mailing list is intended as a Customer Warning System, in the event of system security problems in SunOS or security in Sun equipment in general. It is not intended for posting questions or problems with Sun hardware or software. What you will receive via this mail list: Sun will be posting information about current problems in SunOS or in Sun equipment. We will not be posting any detailed information on how a break-in happened or how to reproduce. We will be reporting, in the event of a problem, the fact that there may be a potential security problem and ways of guarding your site against the threat, work-arounds, and information on how to obtain a patch in the event one is required. GUIDELINES: Please use the security-alert () sun com alias for posting bugs, either hardware or software, that are related to system security. Contact your local Sun Answer Center for reporting problems that are not security related. Breakdown of who to call when: 1. Your local answer center for questions or to report problems in Sun hardware or Sun software in general. Or use the sunbugs () sun com alias. 2. security-features () sun com - security product info, etc. you can email to this alias to ask security questions or to get on the mailing list. 3. security-alert () sun com - to report security holes (see Customer Warning System announcement for further details.) If electronic mail is not available or desired due to a security breech, phone (415) 336-7205 to get a pre-recorded message and answering service. 4. government-security () sun com - product information on SunOS MLS and contact information specifically related to Sun government products.
Current thread:
- Sun's security mailing lists Wes Morgan (Dec 16)
- <Possible follow-ups>
- Re: Sun's security mailing lists Brad Powell - Sun CIS (Dec 16)
- Re: Sun's security mailing lists Mark Graff (Dec 16)