oss-sec mailing list archives
Re: snowflakedb security contacts
From: Seth Arnold <seth.arnold () canonical com>
Date: Mon, 25 Jul 2022 22:27:31 +0000
On Sun, Jul 24, 2022 at 11:10:35AM -0700, Roxana Bradescu wrote:
Just in case you didn’t, Snowflake uses HackerOne for their vuln mgmt program so issues get reported to HackerOne directly (and this information belongs in a Security.md file)
Hello Roxana, thank you, yes, I did hear from Snowflake, perhaps via the efforts of list readers who helped make connections. Snowflake has their HackerOne relationship published on: https://www.snowflake.com/product/security-and-trust-center/ (which I swear I looked for, but was unable to find when looking for it myself). HackerOne feels a bit formal for me: not everyone reporting issues is out for bug bounties and so on -- but having seen more than my fair share of "all your source code is public" reports, I'm also sympathetic. Thanks
Attachment:
signature.asc
Description:
Current thread:
- snowflakedb security contacts Seth Arnold (Jul 18)
- Re: snowflakedb security contacts Roxana Bradescu (Jul 24)
- Re: snowflakedb security contacts Seth Arnold (Jul 25)
- Re: snowflakedb security contacts Christian Heinrich (Jul 26)
- Re: snowflakedb security contacts Seth Arnold (Jul 25)
- Re: snowflakedb security contacts Roxana Bradescu (Jul 24)