This shows you the differences between two versions of the page.
|
mailing-lists:vendor-sec [2008/12/10 16:52] thoger make sure list address is mentioned on the page |
mailing-lists:vendor-sec [2011/11/18 03:18] (current) solar removed the linux-distros list info (now on its own page) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== vendor-sec ====== | ====== vendor-sec ====== | ||
| - | vendor-sec (vendor-sec@lst.de) is a mailing list dedicated to distributors of operating systems using (but not necessarily solely comprised of) free and open-source software. | + | As of March 2011, [[http://www.openwall.com/lists/oss-security/2011/03/03/3|vendor-sec is no longer in use]]. |
| - | The list is used to discuss potential distribution element (kernel, libraries, applications) security vulnerabilities, as well as to co-ordinate the release of security updates by members. | + | vendor-sec was a mailing list dedicated to distributors of operating systems using (but not necessarily solely comprised of) free and Open Source software. The list was used to discuss potential distribution element (kernel, libraries, applications) security vulnerabilities, as well as to coordinate the release of security updates by members. |
| - | Historically, vendor-sec started as a private communication channel for Linux vendors, and for distribution of CERT pre-release information in early 1997. However, vendor-sec is not restricted to Linux vendors. | + | Historically, vendor-sec started as a private communication channel for Linux vendors, and for distribution of CERT pre-release information in early 1997. However, vendor-sec was not restricted to Linux vendors, the distribution of pre-release information from CERT quickly ceased, and vendor-sec started to receive its own security vulnerability notifications from its members and from external reporters. |
| - | Vendor-sec is a forum for: | + | Vendor-sec was a forum for: |
| * Sharing knowledge about security vulnerabilities | * Sharing knowledge about security vulnerabilities | ||
| * Sharing and discussing security fixes | * Sharing and discussing security fixes | ||
| * Coordinating release schedules for security updates | * Coordinating release schedules for security updates | ||
| - | * Propagating advance vulnerabilities notifications from the likes of CERT, NISTCC, and others, to affected parties. | ||
| - | The intended audience of vendor-sec are: | + | The intended audience of vendor-sec were: |
| * Linux distributions | * Linux distributions | ||
| * Linux companies | * Linux companies | ||
| * Individual hackers working on Linux security | * Individual hackers working on Linux security | ||
| - | * OpenSource projects with a large user base and/or high security exposure | + | * Open Source projects with a large user base and/or high security exposure |
| - | * Other OpenSource operating systems | + | * Other Open Source operating systems |
| - | The mailing list is unmoderated, but requests for membership are manually vetted to ensure that only the target audience may join. This is done to avoid leaking the potentially sensitive discussions, as vendor-sec members often have access to information about vulnerabilities before they become public. | + | The mailing list was unmoderated, but requests for membership were manually vetted to ensure that only the target audience could join. This was done to avoid leaking the potentially sensitive discussions. |
| - | + | ||
| - | If you want to join the list, try to find a "sponsor", i.e. a vendor-sec member willing to vouch for you. Send a message to vendor-sec explaining why you want to join the list. Your application will then be discussed and voted upon by the vendor-sec members. | + | |
| - | + | ||
| - | We encourage people who are actively researching vulnerabilities to share them with vendor-sec first, although there is a fair bit of overlap between vendor-sec and oss-security in the case where discussions are public. If you post as a non-member to this list, please ensure that you request verification that the mail arrived and action on it is being taken. If no reply is made within 48 hours, please make an attempt to contact vendor-sec-admin@lst.de and/or resend the message. | + | |