[Full-disclosure] RSA Security's Contact Point for Vulnerability Reports
Vin McLellan
vin at theworld.com
Wed Jan 4 04:42:41 GMT 2006
Tidying up year end business, I recently realized that last summer I
had promised the readers of Full Disclosure an update on RSA
Security's review of their procedures for accepting bug and
vulnerability reports from independent researchers who are neither
RSA customers nor RSA distributors.
I could have redeemed my word -- months ago -- with a pointer to the
RSA website, where the company established a clearly designated
contact point for *anyone* who wishes to submit information about
security issues in RSA's commercial
products. See: <http://www.rsasecurity.com/node.asp?id=2928>.
I've been a consultant to RSA for many years. I apologize to the List
for being so tardy in my promised follow up. While I hope RSA's new
channel for vulnerability reports will be seldom needed, I trust
those who do use it will find this vendor responsive and appreciative.
Happy New Year from Boston,
_Vin
------------------------------------------------------------
Vin McLellan + The Privacy Guild +
<<mailto:vin at theworld.com>vin at theworld.com>
22 Beacon St., Chelsea, MA 02150-2672 USA
Full-Disclosure is hosted and sponsored by Secunia.