01 Introduction (computer-security/vendor-contacts FAQ)
Description
This article is from the Vendor Security Contacts FAQ, by Christopher Klaus cklaus@iss.net with numerous contributions by others.
01 Introduction (computer-security/vendor-contacts FAQ)
"It [Vendor Security Contact FAQ] is the kind of thing that makes
you look good at work when your boss decides he's joe security and
wants a patch (for like rdist - duh!) yesterday..." - Tim Scanlon,
System Analyst
Vendor Security Contacts: Reporting Vulnerabilities and Obtaining New
Patches
The following FAQ is a list of security contacts to reach at various vendors
for reporting security vulnerabilities and obtaining new security related
patches.
With the rising number of people and hosts gaining access to the Internet,
the basic integrity of the Net needs to be maintained. Many of security
incidents that happen on Internet could have been avoided by installing
security patches that are available by vendors. It is important to get the
recent patches and ensure that your systems are configured properly. With
intruders and their underground network having quick access to security
vulnerabilities, it is important that administrators have security
information available and not rely on just One organization.
Here are the security contacts that information is available for:
* A/UX
* Cray Research
* Data General Corporation
* Dec
* HP
* IBM
* Motorola
* Next
* Novell
* SCO
* SGI
* Sun
Other important security contacts included are:
* CERT Contact
* CIAC Contact
* FIRST Contact
When reporting a new security bug, try to be as specific as possible about
how to reproduce it, which OS release (uname -a), and any other release
numbers of software that are involved.
Continue to:
My Books
