oss-sec mailing list archives

Re: snowflakedb security contacts


From: Seth Arnold <seth.arnold () canonical com>
Date: Mon, 25 Jul 2022 22:27:31 +0000

On Sun, Jul 24, 2022 at 11:10:35AM -0700, Roxana Bradescu wrote:
> Just in case you didn’t, Snowflake uses HackerOne for their vuln mgmt
> program so issues get reported to HackerOne directly (and this
> information belongs in a Security.md file)

Hello Roxana, thank you, yes, I did hear from Snowflake, perhaps via the
efforts of list readers who helped make connections.

Snowflake has their HackerOne relationship published on:
https://www.snowflake.com/product/security-and-trust-center/
(which I swear I looked for, but was unable to find when looking for it
myself).

HackerOne feels a bit formal for me: not everyone reporting issues is out
for bug bounties and so on -- but having seen more than my fair share of
"all your source code is public" reports, I'm also sympathetic.

Thanks
