Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 25 Jul 2022 22:27:31 +0000
From: Seth Arnold <seth.arnold@...onical.com>
To: oss-security@...ts.openwall.com
Subject: Re: snowflakedb security contacts

On Sun, Jul 24, 2022 at 11:10:35AM -0700, Roxana Bradescu wrote:
> Just in case you didn’t, Snowflake uses HackerOne for their vuln mgmt
> program so issues get reported to HackerOne directly (and this
> information belongs in a Security.md file)

Hello Roxana, thank you, yes, I did hear from Snowflake, perhaps via the
efforts of list readers who helped make connections.

Snowflake has their HackerOne relationship published on:
https://www.snowflake.com/product/security-and-trust-center/
(which I swear I looked for, but was unable to find when looking for it
myself).

HackerOne feels a bit formal for me: not everyone reporting issues is out
for bug bounties and so on -- but having seen more than my fair share of
"all your source code is public" reports, I'm also sympathetic.

Thanks

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.