Re: About IBM

[Jeffrey Walton <noloader () gmail com>]

On Sun, May 27, 2012 at 4:51 PM, MustLive <mustlive () websecurity com ua> wrote:
> Hello guys!
>
> I have a question for you about IBM. Does anybody has successfully contacted
> them, when they officially answered and fixed vulnerabilities in their
> software, since Leandro Meiners (since 2005)?
The question that comes to mind (for me) is what email address(es) did you use?

Per RFC 2142, MAILBOX NAMES FOR COMMON SERVICES, ROLES AND FUNCTIONS
(http://www.ietf.org/rfc/rfc2142.txt), security () ibm com should be
monitored. I also suggest secure () ibm com since Microsoft made it
somewhat popular (MS was using it around the time the RFC was
published). There are a few others from the RFC I would use, including
support, abuse, and noc. For web specific problems, www and hostmaster
would be included.

Additionally, the administrative and technical contacts for IBM can be
found in any WHOIS database.

I discourage folks from using a web submittal forms since using the
website can be encumbered with legal terms. I even recall a site (the
name escapes me) that binds you to a non-disclosure when you use their
web portal to submit a bug.

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/