Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RSA Security's Contact Point for Vulnerability Reports
From: Vin McLellan <vin () theworld com>
Date: Tue, 03 Jan 2006 23:42:41 -0500

Tidying up year end business, I recently realized that last summer I had promised the readers of Full Disclosure an update on RSA Security's review of their procedures for accepting bug and vulnerability reports from independent researchers who are neither RSA customers nor RSA distributors.

I could have redeemed my word -- months ago -- with a pointer to the RSA website, where the company established a clearly designated contact point for *anyone* who wishes to submit information about security issues in RSA's commercial products. See: <http://www.rsasecurity.com/node.asp?id=2928>.

I've been a consultant to RSA for many years. I apologize to the List for being so tardy in my promised follow up. While I hope RSA's new channel for vulnerability reports will be seldom needed, I trust those who do use it will find this vendor responsive and appreciative.

Happy New Year from Boston,


Vin McLellan + The Privacy Guild + <<mailto:vin () theworld com>vin () theworld com>
         22 Beacon St., Chelsea, MA 02150-2672 USA

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • RSA Security's Contact Point for Vulnerability Reports Vin McLellan (Jan 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]