Full Disclosure mailing list archives
Red Hat security engineer lists sources of vulnerabilities
From: "Steven M. Christey" <coley () mitre org>
Date: Tue, 21 Mar 2006 14:50:36 -0500 (EST)
Mark Cox of Red Hat has published a blog entry that identifies how they learned about vulnerabilities in their products: http://www.awe.com/mark/blog/security/200603211056.html Note his disclaimer that "we only list the first place we found out about an issue, and for already-public issues this may be arbitrary." Due to the nature of the data collection, it can't be determined how much they were notified by researchers who went through other channels such as vendor-sec. Still, it's an interesting breakdown, and it would be nice to see how other vendors learn of issues. - Steve _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Red Hat security engineer lists sources of vulnerabilities Steven M. Christey (Mar 21)