Finding Vendor Security Contacts

["Ed Ravin" <eravin () panix com>]

Mark Litchfield writes:
> Does any one have or know of a security contact within www.real.com, as I
> have a serious issue to report.  Tried the website, only have technical
> support and the web forms don't allow for much content.

At one of the BOF forums at LISA 2002, a representative from CERT,
after describing their extensive network of vendor contacts, said
that anyone who has trouble finding a security contact in a company
is welcome to contact CERT.  Though CERT will not give you anyone's
email address, they will ask the vendor's security person to contact
you directly if you request.  [Note: I have no experience with CERT,
I'm just reporting what their rep said at the BOF]

Another tip is to find the press office / public affairs office on
the vendor's web site - the PR folks usually understand the potential
image problems of security vulnerabilities.