SAP Security Contact

["Mark Litchfield" <mark () jibbery com>]

I do not like to bother this mailing list with such requests, but as you 
will see from below (SAP's response), I feel this is a last resort.  I have 
also phoned SAP leaving a voice mail but with no success.

So if anyone can assist with a contact email address at SAP, ideally an 
individual, this would be greatly appreciated.

Thanks in advance for any help.

Cheers

Mark


--------------------------------------------------------------------------------
From: SAP [mailto:webmaster () sap com]
Sent: Thu 1/4/2007 3:16 PM
To: Mark Litchfield
Subject: Re: General Enquiry (KMM3303039I24953L0KM)




Mark

Thank you for your interest in SAP. You will need to send your request 
directly to our headquarters location in writing.

Here is the headquarters address.

SAP Americas
3999 West Chester Pike
Newtown Square,  Pa   19073


Original Message Follows: ------------------------
InfoRequest - General Enquiry

Your Message
I am contacting SAP about:
General inquiry
Dear Sir / Madam,

I am conducting vulnerabvility research into SAP and the various components 
that make up SAP. So far my research has found 8 security vulnerabilities, 
some of which allow an attcker to execute code remotely on the SAP server as 
SYSTEM without the need for authentication.

I am looking for if possible, a security contact within SAP that I may share 
my findings with so the necessary code fixes can be put in place to prevent 
these issues.

Any assistance you could offer would be greatly appreciated.

Best Regards

Mark Litchfield
www.ngssoftware.com