* Aaron Gray:
> It turns out I was going about the process of vulnerability
> notification all wrong. I should have gone to the United States
> Computer Emergency Readiness Team to report them.
> The US-CERT home page provides an email address cert@cert.org for
> reporting vulnerabilities. If you use it, you will receive more
> detailed instructions on how to complete this form.
Before submitting *anything* to CERT/CC, be sure to review their
information sharing policies. Last time I checked, their documented
policy was to share _everything_ with paying customers unless you
explicitly requested that information is dealt with on a need-to-know
basis.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Tue Aug 10 10:41:41 2004
This archive was generated by hypermail 2.1.8 : Tue Aug 10 2004 - 11:02:15 EDT
