Home page logo
/

bugtraq logo Bugtraq mailing list archives

Whose X do I need to X to get on CERT?
From: "Jonathan G. Lampe" <jonathan () stdnet com>
Date: Tue, 19 Feb 2002 16:45:32 -0600

My company makes a product ("UniGate") which among other things is an SNMP agent. When CERT's recent SNMP advisory came out (http://www.cert.org/advisories/CA-2002-03.html), we reacted I think like any other responsible vendor should. I grabbed the various test suites available and threw them against undefended internal test boxes while the engineering staff consulted the source code. It took us two full days to get a handle on things, but by February 14th we had an advisory statement for our customers. I mailed CERT a copy (you can see the text of the message here: http://www.stdnet.com/support/?category_number=3&subcategory_number=1 )

On its major advisories CERT advertises a "Vendor Information" section with "details from vendors who have provided feedback for this advisory." I see the online doc has been updated several times a day since the advisory came out (18 times since I sent my first email), but after 4 emails and 2 phone calls I'm still waiting for anything other than an automated response.

Has anyone else (particularly vendors) ever had problems getting CERT to post stuff, or even acknowledge your presence? Is there an invisible "pay-to-play" thing going on here which has escaped my notice? Am I talking to the wrong people? Anyone? Buehler?

TIA, Jonathan Lampe, GCIA, GSNA, etc.

P.S. Here's where I sent copies of the letter (give it another shot every 2 days or so...):
cert () cert org  SUBJ: VU#617947
cert () cert org  SUBJ: CA-2002-03 Feedback VU#617947
cert () cert org  SUBJ: Yet Another Vendor entry for CA-2002-03

Number Called:
412-268-7090  (Feb 15 and Feb 18)

(On a Friday phone calls, the guy ack'ed receipt of at least one of the email messages - said "call back on Monday".)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault