Differences

This shows you the differences between two versions of the page.

--- vendors [2010/01/14 23:11]
akuster
+++ vendors [2025/04/10 04:36] (current)
bero Add OpenMandriva contacts
@@ Line 11: / Line 11: @@
 As well, please keep this list in alphabetical order.
-===== Annvix =====
+===== Amazon Linux AMI / Amazon Web Services =====
-  * [[https://bugs.annvix.org|Annvix Bugzilla]]
+  * Security bulletins: [[https://aws.amazon.com/amazon-linux-ami/security-bulletins/|Amazon Linux AMI Security Center]] ([[http://aws.amazon.com/rss/amazon-linux-ami.rss|RSS feed]])
-  * [[http://annvix.org/About/Changelog|Changelog and errata information]]
+  * Security contact: <aws-security@amazon.com> [[https://aws.amazon.com/security/aws-pgp-public-key/|PGP key]]
-  * Security contact: <security@annvix.org>
+  * [[http://aws.amazon.com/security/|AWS Security Center]]
+  * [[http://aws.amazon.com/security/vulnerability-reporting/|Vulnerability reporting information]]
 ===== Apple Inc. =====
@@ Line 21: / Line 22: @@
   * [[http://www.apple.com/support/security/|Security process information]]
   * Security issues should be sent to <product-security@apple.com>
-  * Alternatively, reported through the [[http://developer.apple.com/bugreporter/|Apple Bug Reporter]]
+  * Alternatively, reported through the [[https://developer.apple.com/bug-reporting/|Apple Bug Reporter]]
-  * [[http://docs.info.apple.com/article.html?artnum=61798|Security advisories]]
+  * [[https://support.apple.com/en-au/HT201222|Security advisories]]
-===== Debian Linux ====
+===== Arch Linux ====
-  * [[http://bugs.debian.org|Debian bug tracker]]
+  * [[https://bugs.archlinux.org| Arch Linux bug tracker (public issues)]]
+  * Security issues should be sent to <security@archlinux.org>
+===== Debian ====
+  * [[http://bugs.debian.org|Debian bug tracker (public issues only)]], [[http://security-tracker.debian.org|Security issue tracker (public issues only)]]
   * Security issues should be sent to <security@debian.org>
   * Recent advisories are listed upon [[http://security.debian.org/|our front page]]
-===== Foresight Linux =====
-  * Security issues should be sent to <security@foresightlinux.org>
+===== DragonFly BSD =====
-  * Advisories are published for the currently-maintained branch at the [[http://lists.rpath.org/mailman/listinfo/foresight-security-announce|Foresight Linux Essential Advisory mailing list]]
+  * DragonFly Security Officer: <security@dragonflybsd.org> ([[http://www.dragonflybsd.org/keys/|PGP key]])
+===== Enea =====
+  * [[http://lists.enea.com/mailman/listinfo/security-announce |The process for receiving security advisories requires a Support or Maintenance subscription]]
+  * [[http://eneaissues.enea.com/| Bug tracking database - access requires a Support or Maintenance subscription]]
+  * Enea Security: http://www.enea.com/solutions/Enea-Linux/Security
+  * Enea security contacts can be reached at security [at] enea [dot] com
+===== FreeBSD =====
+  * [[https://www.freebsd.org/security/reporting.html|How and where to report a FreeBSD security issue]]
+    * All FreeBSD security issues should be reported to the FreeBSD Security Team at <secteam@FreeBSD.org>
+    * For a higher level of confidentiality, PGP-encrypted e-mail may be sent to the Security Officer Team at <security-officer@FreeBSD.org> ([[https://www.freebsd.org/security/so_public_key.asc|PGP key]])
+===== Frugalware Linux =====
+  * Security issues should be sent to <frugalware-security-private@frugalware.org>
+  * Advisories are published for the stable branch at the [[http://frugalware.org/mailman/listinfo/frugalware-security/|Frugalware Security mailing list]]
 ===== Gentoo Linux =====
   * [[https://bugs.gentoo.org/|Gentoo Bugzilla]] -- see "Gentoo Security" product.
-  * Gentoo Linux Security Advisories (GLSA) published via [[http://archives.gentoo.org/gentoo-announce/|Mail]] ([[http://www.gentoo.org/main/en/lists.xml|subscribe]]), [[http://www.gentoo.org/security/en/glsa/index.xml|HTTP]] and [[http://www.gentoo.org/rdf/en/glsa-index.rdf|RSS]].
+  * Gentoo Linux Security Advisories (GLSA) published via [[https://archives.gentoo.org/gentoo-announce/|Mail]] ([[https://www.gentoo.org/get-involved/mailing-lists/|subscribe]]), [[https://security.gentoo.org/glsa/|HTTP]] and [[https://security.gentoo.org/subscribe|Feeds]].
-  * [[http://www.gentoo.org/security/en/|Security Website]] with [[http://www.gentoo.org/security/en/vulnerability-policy.xml|Vulnerability Policy]] and confidential contacts.
+  * [[https://www.gentoo.org/support/security/|Security Website]] with [[https://www.gentoo.org/support/security/vulnerability-treatment-policy.html|Vulnerability Policy]] and confidential contacts.
   * Security contact: <security@gentoo.org>, #gentoo-security on irc.freenode.net.
-===== Mandriva =====
+===== Homebrew =====
-  * [[https://qa.mandriva.com|Mandriva Bugzilla]]
+  * [[https://github.com/Homebrew/homebrew/issues|Homebrew issue tracker]]
-  * [[http://www.mandriva.com/security|Security and errata information]]
+  * Security contact: <security@brew.sh>
-  * Security contact: <security@mandriva.com>
+===== IBM =====
+  * [[http://www-03.ibm.com/security/secure-engineering/report.html|How and where to report an IBM Product Security Incident]]
+  * [[http://www.ibm.com/connections/blogs/PSIRT|Security Bulletins]]
+  * [[http://www-947.ibm.com/support/entry/portal/support|IBM Customer Support Portal]]
+  * IBM Product Security Incident Support Team (PSIRT): <psirt@us.ibm.com> [[http://www-03.ibm.com/security/secure-engineering/IBM_PSIRT.asc|PGP key]]
+===== Mageia =====
+  * [[https://bugs.mageia.org|Mageia Bugzilla]]
+  * [[http://advisories.mageia.org|Security and bugfix information)]]
+  * Security contact: <security@mageia.org>
+===== Microsoft Linux Systems Group =====
+  * Report security issues through the [[https://www.microsoft.com/en-us/msrc|Microsoft Security Response Center]]
+  * Details on the reporting procedure are available [[https://portal.msrc.microsoft.com/en-us/engage/sbr| here]]
+  * Information about the bounty program [[https://www.microsoft.com/en-us/msrc/bounty?rtc=1|here]]
 ===== MontaVista Software, LLC. =====
-  * The process for distribution of security advisories is currently under discussion.
+  * The process for receiving security advisories requires a Support or Maintenance subscription.
-  * MontaVista security contacts can be reached at <security-exploder@mvista.com>.
+  * Bug tracking database - access requires a Support or Maintenance subscription.
+  * [[https://support.mvista.com/Security/CVE/ | Security Advisories ]]
+  * MontaVista security contacts can be reached at <security@mvista.com> [[https://support.mvista.com/Security/mv_psirt_pub_key.txt|PGP key]]
 ===== NetBSD =====
@@ Line 58: / Line 101: @@
   * [[http://www.netbsd.org/support/security/|Contact and errata information]]
   * Security contact: <security-alert@NetBSD.org>
+  * (for pkgsrc please see separate entry below)
-===== OpenBSD ====
+===== OpenBSD =====
-  * [[http://www.openbsd.org/query-pr.html|Bug tracking database]]
+  * Bug tracking mailing list: <bugs@openbsd.org> ([[https://marc.info/?l=openbsd-bugs|Archive]], [[https://lists.openbsd.org/cgi-bin/mj_wwwusr?extra=bugs&func=lists-full-long|Subscribe]])
-  * [[http://www.openbsd.org/security.html|Security and errata information]]
+  * [[https://www.openbsd.org/security.html|Security and errata information]]
   * Security contact: <deraadt@openbsd.org>
-===== OpenSUSE and SUSE ====
+===== OpenMandriva =====
+  * Bug tracker: [[https://github.com/OpenMandrivaAssociation/distribution/issues]]
+  * Security contact: <team@openmandriva.org>
+  * Matrix channel: [[https://app.element.io/#/room/#openmandriva-cooker:matrix.org]] (This is a public channel, not for private information, but the fastest way to ping a maintainer)
+===== OpenSUSE and SUSE =====
   * [[http://bugzilla.novell.com/|Bugzilla]]
@@ Line 79: / Line 129: @@
   * Security contact: <security@owl.openwall.com>
-===== Pardus =====
+===== Oracle Linux =====
-  * [[http://bugs.pardus.org.tr/|Pardus Bugzilla]] -- see "Guvenlik/Security" product.
+  * [[http://bugzilla.oracle.com/bugzilla/|Oracle Bugzilla]]
-  * Pardus Linux Security Advisories (PLSA) published via [[http://liste.pardus.org.tr/pardus-security/|Mail list]] ([[http://liste.pardus.org.tr/mailman/listinfo/pardus-security|subscribe]]), [[http://security.pardus.org.tr/en/|HTTP]] and [[http://security.pardus.org.tr/en/rss/|RSS]].
+  * [[http://oss.oracle.com/pipermail/el-errata/|Oracle Linux Erratas]] includes security advisories
-  * Security contact: <security@pardus.org.tr>
+  * [[http://www.oracle.com/us/support/assurance/reporting/index.html|Security contact information]] - email for reporting vulnerabilities: <secalert_us@oracle.com>
+  * [[http://www.oracle.com/linux|Oracle Linux]] introduction, downloads, support offerings
+  * [[http://www.oracle.com/us/support/assurance/fixing-policies/index.html|Oracle security fix policy]]
+===== Parallels Inc. =====
+  * Update announcements published via [[http://kb.sp.parallels.com|Parallels KnowledgeBase]] and [[http://sp.parallels.com/products/pcs/rss|Parallels Cloud Server RSS]], [[http://sp.parallels.com/products/pvc/pcl-rss|Parallels Containers for Linux RSS]].
+  * Security contact: <security@parallels.com>
+===== pkgsrc (NetBSD Packages Collection for multiple OS's incl. *Bsd, Linux, Solaris, OSX, etc.) =====
+  * For issues in NetBSD please see the separate entry
+  * [[http://www.netbsd.org/support/query-pr.html|Bug tracking database]] -- select 'pkg' Category
+  * [[http://ftp.netbsd.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities|Vulnerable package versions database]]
+  * Security contact: <pkgsrc-security@NetBSD.org>
+  * [[http://ftp.netbsd.org/pub/NetBSD/security/PGP/pkgsrc-security@NetBSD.org.asc|PGP key]]
+===== Qlustar =====
+  * Qlustar Security Advisories (QSA) [[https://qlustar.com/security-advisories|Archive]] ([[https://qlustar.com/newsletter/subscriptions|subscribe]]).
+  * Security contact: <security@qlustar.com>
 ===== Red Hat Inc =====
@@ Line 90: / Line 160: @@
   * Advisories for all Red Hat products are published to [[http://www.redhat.com/archives/rhsa-announce/|the RHSA announce mailing list]] since Nov 2007 (older are at [[http://www.redhat.com/archives/enterprise-watch-list/]]).
-===== rPath Inc =====
+===== Solaris =====
-  * Security-related bugs can either be mailed to <security@rpath.com> or filed at https://issues.rpath.com (setting the "security level" to "reporter and rPath Security Team")
+  * [[http://www.oracle.com/technetwork/topics/security/alerts-086861.html|Oracle Critical Patch Updates and Security Alerts]]
-  * Advisories are published to [[http://lists.rpath.com/mailman/listinfo/security-announce|the security-announce mailing list]] for all branches which are currently being supported.
+  * [[http://www.oracle.com/us/support/assurance/reporting/index.html|Security contact information]] - email for reporting vulnerabilities: <secalert_us@oracle.com>
+  * [[http://www.oracle.com/us/support/assurance/fixing-policies/index.html|Oracle security fix policy]]
+  * [[http://www.oracle.com/technetwork/topics/security/changesforsunsecuritypolicies-162219.html|Changes in security policies for the Sun product lines]]
-===== Symbian Foundation =====
+===== TurrisOS =====
-  * Use [[https://developer.symbian.org/bugs/]] to report Symbian Platform bugs (private security bugs can be opened by checking the "This is a security problem that should be kept confidential until addressed" box).
+  * Use [[https://gitlab.labs.nic.cz/turris/openwrt/issues]] to report TurrisOS bugs (private security bugs can be opened by checking the "This issue is confidential and should only be visible to team members with at least Reporter access." box).
-  * The process for distribution of security advisories is [[http://developer.symbian.org/wiki/index.php/Security_Strategy_Working_Group|currently under discussion]].
+  * Security contacts for TurrisOS can be reached at <security@turris.cz>.
-  * Symbian Foundation security contacts can be reached at <security-alert@symbian.org>.
 ===== Ubuntu =====
-  * Use [[https://launchpad.net/ubuntu/+filebug]] to report Ubuntu bugs (private security bugs can be opened by checking the "This bug is a security vulnerability" box).
+  * Use [[https://launchpad.net/ubuntu/+filebug|Launchpad]] to report Ubuntu bugs
-  * [[http://www.ubuntu.com/usn/|Ubuntu Security Notices]] are sent to the [[https://lists.ubuntu.com/archives/ubuntu-security-announce/|ubuntu-security-announce mailing list]].
+    * Private security bugs can be opened by selecting the ''"Private Security"'' option in the ''"This bug contains information that is:"'' drop-down menu
-  * Security contacts for Ubuntu can be reached at <security@ubuntu.com>.
+  * [[https://usn.ubuntu.com/|Ubuntu Security Notices]] are sent to the [[https://lists.ubuntu.com/archives/ubuntu-security-announce/|ubuntu-security-announce mailing list]]
+  * Security contacts for Ubuntu can be reached at <security@ubuntu.com> or see the [[https://wiki.ubuntu.com/SecurityTeam/FAQ#Contact|Ubuntu Security FAQ]] for more information
+===== VMware, Inc. ====
+  * VMware Security Advisories (VMSAs) are posted to [[http://www.vmware.com/security/advisories]].
+  * You can sign up for receiving security advisories at [[http://www.vmware.com/security]].
+  * Report security issues to <security@vmware.com> or see the [[http://www.vmware.com/support/policies/security_response.html|VMware Security Response Policy]] for more information.
+===== Wind River =====
+  * The process for receiving security advisories requires a Support or Maintenance subscription. [[https://support.windriver.com/olsPortal/faces/basic/portal.jspx]]
+  * [[http://www.openwall.com/lists/oss-security/2011/05/02/9|Info on what Wind River publicly disclose and what they don't; RSS feeds with the publicly disclosed info on security issues]]
+  * Wind River Linux security contacts can be reached at <security-alert@windriver.com>.
 ====== Other Resources ======
@@ Line 112: / Line 196: @@
 There's a [[http://distributions.freedesktop.org/wiki/DistributionLocations|similar page on the Distributions Wiki]].
-[[http://osvdb.org|OSVDB]] maintains [[http://osvdb.org/vendors|The Vendor Dictionary]], an extensive database of software and appliance vendors (not limited to Open Source ones).