Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

Red Hat security engineer lists sources of vulnerabilities
From: "Steven M. Christey" <coley () mitre org>
Date: Tue, 21 Mar 2006 14:50:36 -0500 (EST)

Mark Cox of Red Hat has published a blog entry that identifies how
they learned about vulnerabilities in their products:

  http://www.awe.com/mark/blog/security/200603211056.html

Note his disclaimer that "we only list the first place we found out
about an issue, and for already-public issues this may be arbitrary."
Due to the nature of the data collection, it can't be determined how
much they were notified by researchers who went through other channels
such as vendor-sec.  Still, it's an interesting breakdown, and it
would be nice to see how other vendors learn of issues.

- Steve

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • Red Hat security engineer lists sources of vulnerabilities Steven M. Christey (Mar 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]