Red Hat security engineer lists sources of vulnerabilities

["Steven M. Christey" <coley () mitre org>]

Mark Cox of Red Hat has published a blog entry that identifies how
they learned about vulnerabilities in their products:

  http://www.awe.com/mark/blog/security/200603211056.html

Note his disclaimer that "we only list the first place we found out
about an issue, and for already-public issues this may be arbitrary."
Due to the nature of the data collection, it can't be determined how
much they were notified by researchers who went through other channels
such as vendor-sec.  Still, it's an interesting breakdown, and it
would be nice to see how other vendors learn of issues.

- Steve

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/