Full Disclosure mailing list archives
Re: About IBM
From: Jeffrey Walton <noloader () gmail com>
Date: Sun, 27 May 2012 19:12:12 -0400
On Sun, May 27, 2012 at 4:51 PM, MustLive <mustlive () websecurity com ua> wrote:
Hello guys! I have a question for you about IBM. Does anybody has successfully contacted them, when they officially answered and fixed vulnerabilities in their software, since Leandro Meiners (since 2005)?
The question that comes to mind (for me) is what email address(es) did you use? Per RFC 2142, MAILBOX NAMES FOR COMMON SERVICES, ROLES AND FUNCTIONS (http://www.ietf.org/rfc/rfc2142.txt), security () ibm com should be monitored. I also suggest secure () ibm com since Microsoft made it somewhat popular (MS was using it around the time the RFC was published). There are a few others from the RFC I would use, including support, abuse, and noc. For web specific problems, www and hostmaster would be included. Additionally, the administrative and technical contacts for IBM can be found in any WHOIS database. I discourage folks from using a web submittal forms since using the website can be encumbered with legal terms. I even recall a site (the name escapes me) that binds you to a non-disclosure when you use their web portal to submit a bug. Jeff _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- About IBM MustLive (May 27)
- Re: About IBM Ferenc Kovacs (May 27)
- Re: About IBM Jeffrey Walton (May 27)
- Re: About IBM Thomas Richards (May 28)
- Re: About IBM Bzzz (May 28)
- <Possible follow-ups>
- Re: About IBM Jonathan Leffler (May 28)
- Re: About IBM Alex Sugarmann (May 29)