oss-sec mailing list archives
Re: Vendor-sec hosting and future of closed lists
From: "Mike O'Connor" <mjo () dojo mi org>
Date: Mon, 14 Mar 2011 23:28:14 -0400
[catching up on old email] :> > As suggested by Josh Bressers oCERT would be favourable to providing a :> > system that would accept user submission and allow selection of security :> > contacts from our existing member database as well as other verified :> > contacts. ... :It all depends on how this process is going to be handled. I can see oCERT :helping in routing reports to the proper contacts via email to our trusted :member contacts as well as external ones that we can seek on a report basis. What I've observed is that some times, the reporter or coordinator doesn't have a good idea of the scope of their issue. To cite some real-world examples involving folks who I thought would know better: 1) no, BSD networking isn't just in Free/Net/OpenBSD 2) no, ONC RPC just isn't in Sun products 3) no, a RH-specific kernel issue is a general Linux kernel issue Scoping issues isn't always easy. How do you know whether I backported some bleeding-edge fix with broken security implications into one of the OSes I care about last week? Sometimes, I'll need specific info just to confirm that I don't care about the issue. Scoping is one of the things that vendor-sec was occasionally quite helpful with. -- Michael J. O'Connor mjo () dojo mi org =--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--= "I'd be terrific! Colossal! Stupendous! Mediocre even!" -Babs Bunny
Current thread:
- Re: Vendor-sec hosting and future of closed lists, (continued)
- Re: Vendor-sec hosting and future of closed lists S.P.Zeidler (Mar 05)
- Re: Vendor-sec hosting and future of closed lists Greg KH (Mar 05)
- Re: Vendor-sec hosting and future of closed lists S.P.Zeidler (Mar 06)
- Re: Vendor-sec hosting and future of closed lists S.P.Zeidler (Mar 05)
- Re: Vendor-sec hosting and future of closed lists Matthieu Herrb (Mar 06)
- Re: Vendor-sec hosting and future of closed lists Eugene Teo (Mar 06)
- Re: Vendor-sec hosting and future of closed lists Andrea Barisani (Mar 07)
- Re: Vendor-sec hosting and future of closed lists Josh Bressers (Mar 08)
- Vendor-sec hosting and future of closed lists R P Herrold (Mar 08)
- Re: Vendor-sec hosting and future of closed lists akuster (Mar 08)
- Re: Vendor-sec hosting and future of closed lists Andrea Barisani (Mar 08)
- Re: Vendor-sec hosting and future of closed lists Mike O'Connor (Mar 14)
- Re: Vendor-sec hosting and future of closed lists Andrea Barisani (Mar 16)
- Re: Vendor-sec hosting and future of closed lists Art Manion (Mar 15)