Vulnwatch mailing list archives
Administrivia: acceptable postings
From: Chris Wysopal <weld () vulnwatch org>
Date: Wed, 26 Mar 2003 21:43:04 +0000 (GMT)
There have been some questions as to which postings are in and out of scope for the VulnWatch list. This is the VulnWatch approval policy. VulnWatch Acceptable Postings ----------------------------- Announcements of new vulnerabilties in software or hardware. These typically take the form of a security researcher's or product vendor's advisory, but may be less formal. Additional postings on the same topic must include significant new information concerning the vulnerability. For example, if a researcher posts a detailed advisory, a later vendor's advisory will typically be rejected unless it adds significant new vulnerability detail. VulnWatch Unacceptable postings ------------------------------- Vendor or coordinator bulletins that add no more information above what has already been published. Vulnerabilities that have negligible impact: * XSS issues that have negligible impact. Example: user can send themselves javascript by doing a search on a web site. * Info disclosure issues that have negligible impact. Example: error message discloses the document root of the web server. * Issues that require an another unknown or already known vulnerability to have any impact. Example: if user shares out their filesystem, sensitive unencrypted data may be disclosed. Announcemnt of 2 new distinct issues that combine to form a vulnerability are acceptable. * Vulnerabilities in custom software that only effect one site. Announcements of tools or conferences. Discussion followups to an announcement. VulnWatch Postings Forwarded ToVulnDiscuss ------------------------------------------ Frequently people comment on advisories sent to the list in a followup message. VulnWatch is announcment only. VulnDiscuss was created to handle the discussion that frequently follows an advisory announcement. If a discussion posting is sent to VulnWatch it will be approved on the VulnDiscuss list. VulnDiscuss Acceptable Postings ------------------------------- Anything technical pertaining to hardware and software vulnerabilities and the discussion of VulnWatch announcements. This includes vulnerability finding tools, conferences that discuss vulnerabilities, and discussion of vulnerability solutions. VulnDiscuss Unacceptable Postings --------------------------------- Anything non-technical or not relating to vulnerabilities is prohibited. As is any advertising or self promotion. Signed, VulnWatch Moderators: Steve Manzuik Rain Forest Puppy Chris Wysopal
Current thread:
- Administrivia: acceptable postings Chris Wysopal (Mar 26)