Bugtraq mailing list archives

Re: SAP Security Contact

From: "Stan Bubrouski" <stan.bubrouski () gmail com>
Date: Tue, 9 Jan 2007 01:02:15 -0500

In all fairness here, many companies have canned responses to
security@whatever and may never actually respond to a sender even if
action is being taken.  Looking for an actual person to assure
something has been recognized as a vulnerability and will be patched
is not unreasonable.

-sb

On 1/6/07, Nicob <nicob () nicob net> wrote:

Le vendredi 05 janvier 2007, Thor (Hammer of God) a écrit :

> Something like security () sap com may seem obvious, but it's better if you
> list specific contact info so it can be easily found.

I don't want to be rude but :
- security () domain tld is the only standardized security contact (as
defined by RFC 2142)
- googling security () sap com would bring some results
- this was already answered on the Full-Disclosure mailing list
- the OSVDB Vendor Dictionary contains a record for SAP
- even the SecurityFocus site has some references to this email
address : http://www.securityfocus.com/columnists/415


Nicob

Current thread:

SAP Security Contact Mark Litchfield (Jan 04)
- <Possible follow-ups>
- Re: SAP Security Contact Fritz . Bauspiess (Jan 05)
- Re: SAP Security Contact Thor (Hammer of God) (Jan 06)
  - Re: SAP Security Contact Ansgar -59cobalt- Wiechers (Jan 08)
  - Re: SAP Security Contact Nicob (Jan 08)
    - Re: SAP Security Contact Stan Bubrouski (Jan 09)
    - Re: SAP Security Contact Nick Boyce (Jan 10)
    - Re: SAP Security Contact Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (Jan 11)
- Re: SAP Security Contact Thor (Hammer of God) (Jan 10)