nanog mailing list archives
Re: NSP-SEC
From: Sean Donelan <sean () donelan com>
Date: Sat, 20 Mar 2010 16:12:31 -0400 (EDT)
On Sat, 20 Mar 2010, William Pitcock wrote:
If you're a 15 year old kid and you just discovered a way to own the latest IOS, for example, how do you know who to tell about it?
Read the manual? Most products and open source projects have a manual which includes information about contacting the vendor or project.
If you don't have the manual, but know how to use a search engine, try a search for "reporting security vulnerabilities". Most major IT vendors and open source projects have a security reporting page. Some people have suggested vendors and projects have a common URL such as ".../security" with security information.
For example if you found a vulnerability in IOS, look up the following URL to find out Cisco's reporting contacts: http://www.cisco.com/security Report a potential vulnerability in Cisco products: psirt () cisco comUrgent technical assistance for non-security issues that involve Cisco products:
Cisco Technical Support 800 553 2447 (U.S.) Worldwide ContactsEmergency response to active security incidents that involve Cisco products:
PSIRT 877 228 7302 (U.S.) +1 408 525 6532 (outside U.S.) Report an incident involving the Cisco corporate network: infosec () cisco comIf you still don't know who to contact, CERT/CC maintains a world-wide map of national computer security incident response teams.
http://www.cert.org/cert/map_open.htmlAlthough some of the "intra" forums between CSIRT, vendor, project, provider, researcher communities aren't open to everyone, e.g. a CSIRT forum may only have CSIRTs, an academic forum may only have academics; each of the CSIRTs, vendors, projects, providers have contacts for reporting vulnerabilities that may affect their constituencies.
Current thread:
- Re: NSP-SEC, (continued)
- Re: NSP-SEC Gadi Evron (Mar 20)
- Re: NSP-SEC Valdis . Kletnieks (Mar 22)
- Re: NSP-SEC Guillaume FORTAINE (Mar 22)
- Re: NSP-SEC Randy Bush (Mar 22)
- Re: NSP-SEC Andrew D Kirch (Mar 22)
- Re: NSP-SEC Valdis . Kletnieks (Mar 22)
- Re: NSP-SEC Guillaume FORTAINE (Mar 23)
- Re: NSP-SEC Valdis . Kletnieks (Mar 23)
- Re: NSP-SEC Nick Hilliard (Mar 23)
- Re: NSP-SEC Guillaume FORTAINE (Mar 20)
- Re: NSP-SEC Sean Donelan (Mar 20)
- Re: NSP-SEC Gadi Evron (Mar 20)
- Re: NSP-SEC William Pitcock (Mar 20)
- Re: NSP-SEC Guillaume FORTAINE (Mar 21)
- Re: NSP-SEC Andrew D Kirch (Mar 21)
- Re: NSP-SEC Sean Donelan (Mar 20)
- Re: NSP-SEC George Imburgia (Mar 20)
- Re: NSP-SEC James Bensley (Mar 21)
- Re: NSP-SEC Rich Kulawiec (Mar 21)
- RE: NSP-SEC Alex Lanstein (Mar 21)