Date: Tue, 18 Jan 2011 12:21:09 -0500 From: Michael Gilbert <michael.s.gilbert@...il.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request On Tue, 18 Jan 2011 16:53:51 +0000, Tim Brown wrote: > On Tuesday 18 January 2011 16:40:42 Michael Gilbert wrote: > > On Tue, 18 Jan 2011 12:22:05 +0000, Tim Brown wrote: > > > Guys, > > > > > > What's the best way for an open source project to request a CVE prior to > > > disclosure? I'm more that happy to coordinate the disclosure with > > > distributions where appropriate if that makes a difference. > > > > You're looking for vendor-sec: > > http://oss-security.openwall.org/wiki/mailing-lists/vendor-sec > > That's a closed list though isn't it? If anyone wants to sponsor me on to it, > I'm willing to put my OpenVAS hat on and jump through the necessary hoops :) There are some notes at the bottom of the above page that describe what to do if you are not a vendor-sec member. Best wishes, Mike
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.