[ILUG] procedure for reporting security issues
Dave Wilson
dave.wilson at heanet.ie
Thu Jan 13 11:52:58 GMT 2000
Contact "the vendor".
Contact details will change from vendor to vendor. Check the documentation
and website for whatever the service is; hopefully they will have a mailing
list or contact address for the development team.
> An email to BUGTRAQ wouldn't go amiss either, but only when you're
> absolutely sure it's a secrity hole.
Mailing BUGTRAQ before you've informed the developer and given them some
time to prepare a fix is frowned upon. Mailing BUGTRAQ after they've failed
to respond is positively encouraged.
Regards,
Dave
--
dave.wilson at heanet.ie --------------------------------------- +353-1-662-3412
It is one thing to pray; it is another to pray to entities who might not only
be listening, but who will search you out on the road and beat you across the
head with sticks if you say something that offends them. -- Neil Gaiman
More information about the ILUG
mailing list