Bugtraq mailing list archives

Re: SAP Security Contact

From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Sat, 6 Jan 2007 18:00:05 +0100

Thor,

On 2007-01-05 Thor (Hammer of God) wrote:

You guys might want to put that on your web site.  Probably somewhere
under "Contact Us" so that it is easy to, um, contact you specifically
for security issues.

[...]

Something like security () sap com may seem obvious, but it's better if
you list specific contact info so it can be easily found.


security@ is one of the role mailboxes specified by RFC 2142, so it
really *is* that obvious. However, I agree that despite of this it would
be better practice to put the address on the web site. Even more since
proper use of role mailboxes seems to have become the exception rather
than the rule nowadays.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

Current thread:

SAP Security Contact Mark Litchfield (Jan 04)
- <Possible follow-ups>
- Re: SAP Security Contact Fritz . Bauspiess (Jan 05)
- Re: SAP Security Contact Thor (Hammer of God) (Jan 06)
  - Re: SAP Security Contact Ansgar -59cobalt- Wiechers (Jan 08)
  - Re: SAP Security Contact Nicob (Jan 08)
    - Re: SAP Security Contact Stan Bubrouski (Jan 09)
    - Re: SAP Security Contact Nick Boyce (Jan 10)
    - Re: SAP Security Contact Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Jan 11)
- Re: SAP Security Contact Thor (Hammer of God) (Jan 10)