As of March 2011, vendor-sec is no longer in use.
vendor-sec was a mailing list dedicated to distributors of operating systems using (but not necessarily solely comprised of) free and Open Source software. The list was used to discuss potential distribution element (kernel, libraries, applications) security vulnerabilities, as well as to coordinate the release of security updates by members.
Historically, vendor-sec started as a private communication channel for Linux vendors, and for distribution of CERT pre-release information in early 1997. However, vendor-sec was not restricted to Linux vendors, the distribution of pre-release information from CERT quickly ceased, and vendor-sec started to receive its own security vulnerability notifications from its members and from external reporters.
Vendor-sec was a forum for:
The intended audience of vendor-sec were:
The mailing list was unmoderated, but requests for membership were manually vetted to ensure that only the target audience could join. This was done to avoid leaking the potentially sensitive discussions.