Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 18 Jan 2011 12:21:09 -0500
From: Michael Gilbert <michael.s.gilbert@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request

On Tue, 18 Jan 2011 16:53:51 +0000, Tim Brown wrote:
> On Tuesday 18 January 2011 16:40:42 Michael Gilbert wrote:
> > On Tue, 18 Jan 2011 12:22:05 +0000, Tim Brown wrote:
> > > Guys,
> > > 
> > > What's the best way for an open source project to request a CVE prior to
> > > disclosure?  I'm more that happy to coordinate the disclosure with
> > > distributions where appropriate if that makes a difference.
> > 
> > You're looking for vendor-sec:
> > http://oss-security.openwall.org/wiki/mailing-lists/vendor-sec
> 
> That's a closed list though isn't it?  If anyone wants to sponsor me on to it, 
> I'm willing to put my OpenVAS hat on and jump through the necessary hoops :)

There are some notes at the bottom of the above page that describe what
to do if you are not a vendor-sec member.

Best wishes,
Mike

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.