Security-Related Mailing Lists

This page provides links to a number of security-related mailing list resources.

• oss [dash] security [at] lists [dot] openwall [dot] com: The open source software security mailing list (oss-security), which is a counter-part to this wiki. This is a public mailing list for anyone to subscribe to. Non-members may post to the list, however their messages will be moderated before release. This list is an open list for open source software authors and vendors to discuss public security issues.
  • oss-security List Archives (also available via Gmane and MARC)
  • oss-security List Charter
• bugtraq [at] securityfocus [dot] com: The Bugtraq mailing list. This is a public mailing list for anyone to subscribe to, however postings to the list are moderated. You can read the description of the mailing list which describes the purpose of Bugtraq and how to subscribe.
• full [dash] disclosure [at] lists [dot] grok [dot] org [dot] uk: The Full-Disclosure mailing list. This is a public mailing list for anyone to subscribe to and discuss anything related to security. You can read the Mailing List Charter, which provides more information about the list and how to subscribe or view the archives.

• vendor [dash] sec [at] lst [dot] de: The vendor-sec mailing list. This is a closed member mailing list with a membership of various open source vendors to discuss security issues common to different open source operating systems. Messages may be sent to the list without being subscribed (i.e. to provide pre-notification of security issues to open source vendors). If you post as a non-member to this list, please ensure that you request verification that the mail arrived and action on it is being taken. If no reply is made within 48 hours, please make an attempt to contact vendor [dash] sec [dash] admin [at] lst [dot] de and/or resend the message.

• seclists.org maintains a list of security-related public mailing lists with information on them, links to archives, etc.