oss-sec mailing list archives
Re: snowflakedb security contacts
From: Roxana Bradescu <roxxbee () gmail com>
Date: Sun, 24 Jul 2022 11:10:35 -0700
On Jul 18, 2022, at 5:18 PM, Seth Arnold <seth.arnold () canonical com> wrote: Hello, if anyone has friends or acquaintances at snowflakedb, please direct their attention to: https://github.com/snowflakedb/gosnowflake/issues/619 "Please add a SECURITY.md file and security policy" I don't know if what I found is actually an issue but I'd like to give them a chance to see it privately before telling the whole world. I've not had much luck with the Usual Methods so far. Everyone else: *please* take five minutes to write down how you'd like people to report security issues. Some people subscribe to the "security bugs are just bugs, report them like any other" philosophy. Some people want a chance to look at potential security issues privately, first. Whatever you'd like, please just write it down someplace obvious. Thanks
Hi Seth, did you ever get a response from anyone at Snowflake? Just in case you didn’t, Snowflake uses HackerOne for their vuln mgmt program so issues get reported to HackerOne directly (and this information belongs in a Security.md file) https://hackerone.com/139c0e4f-5b34-470a-b81e-aa8740c3e66e/embedded_submissions/new <https://hackerone.com/139c0e4f-5b34-470a-b81e-aa8740c3e66e/embedded_submissions/new> --- Regards, Roxana
Attachment:
signature.asc
Description: Message signed with OpenPGP
Current thread:
- snowflakedb security contacts Seth Arnold (Jul 18)
- Re: snowflakedb security contacts Roxana Bradescu (Jul 24)
- Re: snowflakedb security contacts Seth Arnold (Jul 25)
- Re: snowflakedb security contacts Christian Heinrich (Jul 26)
- Re: snowflakedb security contacts Seth Arnold (Jul 25)
- Re: snowflakedb security contacts Roxana Bradescu (Jul 24)