Differences

This shows you the differences between two versions of the page.

--- vendors [2016/04/25 08:07]
pabs new url for Apple bug reporting
+++ vendors [2025/04/10 04:36] (current)
bero Add OpenMandriva contacts
@@ Line 12: / Line 12: @@
 ===== Amazon Linux AMI / Amazon Web Services =====
   * Security bulletins: [[https://aws.amazon.com/amazon-linux-ami/security-bulletins/|Amazon Linux AMI Security Center]] ([[http://aws.amazon.com/rss/amazon-linux-ami.rss|RSS feed]])
   * Security contact: <aws-security@amazon.com> [[https://aws.amazon.com/security/aws-pgp-public-key/|PGP key]]
   * [[http://aws.amazon.com/security/|AWS Security Center]]
   * [[http://aws.amazon.com/security/vulnerability-reporting/|Vulnerability reporting information]]
-===== Annvix =====
-  * [[https://annvix.com/bugzilla/|Annvix Bugzilla]]
-  * [[http://annvix.org/About/Changelog|Changelog and errata information]]
-  * Security contact: <security@annvix.org>
 ===== Apple Inc. =====
   * [[http://www.apple.com/support/security/|Security process information]]
-  * Security issues should be sent to <security@apple.com>
+  * Security issues should be sent to <product-security@apple.com>
   * Alternatively, reported through the [[https://developer.apple.com/bug-reporting/|Apple Bug Reporter]]
-  * [[http://docs.info.apple.com/article.html?artnum=61798|Security advisories]]
+  * [[https://support.apple.com/en-au/HT201222|Security advisories]]
 ===== Arch Linux ====
@@ Line 38: / Line 31: @@
 ===== Debian ====
   * [[http://bugs.debian.org|Debian bug tracker (public issues only)]], [[http://security-tracker.debian.org|Security issue tracker (public issues only)]]
   * Security issues should be sent to <security@debian.org>
@@ Line 45: / Line 39: @@
   * DragonFly Security Officer: <security@dragonflybsd.org> ([[http://www.dragonflybsd.org/keys/|PGP key]])
 ===== Enea =====
@@ Line 53: / Line 46: @@
   * Enea Security: http://www.enea.com/solutions/Enea-Linux/Security
   * Enea security contacts can be reached at security [at] enea [dot] com
-===== Foresight Linux =====
-  * Security issues should be sent to <security@foresightlinux.org>
-  * Advisories are published for the currently-maintained branch at the [[http://lists.rpath.org/mailman/listinfo/foresight-security-announce|Foresight Linux Essential Advisory mailing list]]
 ===== FreeBSD =====
@@ Line 83: / Line 71: @@
 ===== IBM =====
   * [[http://www-03.ibm.com/security/secure-engineering/report.html|How and where to report an IBM Product Security Incident]]
   * [[http://www.ibm.com/connections/blogs/PSIRT|Security Bulletins]]
@@ Line 94: / Line 83: @@
   * Security contact: <security@mageia.org>
-===== Mandriva =====
+===== Microsoft Linux Systems Group =====
-  * [[https://qa.mandriva.com|Mandriva Bugzilla]]
-  * [[http://www.mandriva.com/security|Security and errata information]]
-  * Security contact: <security@mandriva.com>
+  * Report security issues through the [[https://www.microsoft.com/en-us/msrc|Microsoft Security Response Center]]
+  * Details on the reporting procedure are available [[https://portal.msrc.microsoft.com/en-us/engage/sbr| here]]
+  * Information about the bounty program [[https://www.microsoft.com/en-us/msrc/bounty?rtc=1|here]]
 ===== MontaVista Software, LLC. =====
@@ Line 105: / Line 93: @@
   * The process for receiving security advisories requires a Support or Maintenance subscription.
   * Bug tracking database - access requires a Support or Maintenance subscription.
-  * [[http://www.mvista.com/cve_vulnerabilities.php | Security Advisories ]]
+  * [[https://support.mvista.com/Security/CVE/ | Security Advisories ]]
-  * MontaVista security contacts can be reached at <security@mvista.com>.
+  * MontaVista security contacts can be reached at <security@mvista.com> [[https://support.mvista.com/Security/mv_psirt_pub_key.txt|PGP key]]
 ===== NetBSD =====
@@ Line 115: / Line 102: @@
   * Security contact: <security-alert@NetBSD.org>
   * (for pkgsrc please see separate entry below)
 ===== OpenBSD =====
-  * [[http://www.openbsd.org/query-pr.html|Bug tracking database]] (Currently down, update when the replacement is in place)
+  * Bug tracking mailing list: <bugs@openbsd.org> ([[https://marc.info/?l=openbsd-bugs|Archive]], [[https://lists.openbsd.org/cgi-bin/mj_wwwusr?extra=bugs&func=lists-full-long|Subscribe]])
-  * [[http://www.openbsd.org/security.html|Security and errata information]]
+  * [[https://www.openbsd.org/security.html|Security and errata information]]
   * Security contact: <deraadt@openbsd.org>
+===== OpenMandriva =====
+  * Bug tracker: [[https://github.com/OpenMandrivaAssociation/distribution/issues]]
+  * Security contact: <team@openmandriva.org>
+  * Matrix channel: [[https://app.element.io/#/room/#openmandriva-cooker:matrix.org]] (This is a public channel, not for private information, but the fastest way to ping a maintainer)
 ===== OpenSUSE and SUSE =====
@@ Line 149: / Line 141: @@
   * Update announcements published via [[http://kb.sp.parallels.com|Parallels KnowledgeBase]] and [[http://sp.parallels.com/products/pcs/rss|Parallels Cloud Server RSS]], [[http://sp.parallels.com/products/pvc/pcl-rss|Parallels Containers for Linux RSS]].
   * Security contact: <security@parallels.com>
-===== Pardus =====
-  * [[http://bugs.pardus.org.tr/|Pardus Bugzilla]] -- see "Guvenlik/Security" product.
-  * Pardus Linux Security Advisories (PLSA) published via [[http://liste.pardus.org.tr/pardus-security/|Mail list]] ([[http://liste.pardus.org.tr/mailman/listinfo/pardus-security|subscribe]]), [[http://security.pardus.org.tr/en/|HTTP]] and [[http://security.pardus.org.tr/en/rss/|RSS]].
-  * Security contact: <security@pardus.org.tr>
 ===== pkgsrc (NetBSD Packages Collection for multiple OS's incl. *Bsd, Linux, Solaris, OSX, etc.) =====
@@ Line 169: / Line 154: @@
   * Qlustar Security Advisories (QSA) [[https://qlustar.com/security-advisories|Archive]] ([[https://qlustar.com/newsletter/subscriptions|subscribe]]).
   * Security contact: <security@qlustar.com>
 ===== Red Hat Inc =====
@@ Line 175: / Line 159: @@
   * Report security issues to <secalert@redhat.com> or see https://www.redhat.com/security/team/contact/ for our keys and policies
   * Advisories for all Red Hat products are published to [[http://www.redhat.com/archives/rhsa-announce/|the RHSA announce mailing list]] since Nov 2007 (older are at [[http://www.redhat.com/archives/enterprise-watch-list/]]).
-===== rPath Inc =====
-  * Security-related bugs can either be mailed to <security@rpath.com> or filed at https://issues.rpath.com (setting the "security level" to "reporter and rPath Security Team")
-  * Advisories are published to [[http://lists.rpath.com/mailman/listinfo/security-announce|the security-announce mailing list]] for all branches which are currently being supported.
 ===== Solaris =====
@@ Line 187: / Line 166: @@
   * [[http://www.oracle.com/us/support/assurance/fixing-policies/index.html|Oracle security fix policy]]
   * [[http://www.oracle.com/technetwork/topics/security/changesforsunsecuritypolicies-162219.html|Changes in security policies for the Sun product lines]]
+===== TurrisOS =====
+  * Use [[https://gitlab.labs.nic.cz/turris/openwrt/issues]] to report TurrisOS bugs (private security bugs can be opened by checking the "This issue is confidential and should only be visible to team members with at least Reporter access." box).
+  * Security contacts for TurrisOS can be reached at <security@turris.cz>.
 ===== Ubuntu =====
-  * Use [[https://launchpad.net/ubuntu/+filebug]] to report Ubuntu bugs (private security bugs can be opened by checking the "This bug is a security vulnerability" box).
+  * Use [[https://launchpad.net/ubuntu/+filebug|Launchpad]] to report Ubuntu bugs
-  * [[http://www.ubuntu.com/usn/|Ubuntu Security Notices]] are sent to the [[https://lists.ubuntu.com/archives/ubuntu-security-announce/|ubuntu-security-announce mailing list]].
+    * Private security bugs can be opened by selecting the ''"Private Security"'' option in the ''"This bug contains information that is:"'' drop-down menu
-  * Security contacts for Ubuntu can be reached at <security@ubuntu.com>.
+  * [[https://usn.ubuntu.com/|Ubuntu Security Notices]] are sent to the [[https://lists.ubuntu.com/archives/ubuntu-security-announce/|ubuntu-security-announce mailing list]]
+  * Security contacts for Ubuntu can be reached at <security@ubuntu.com> or see the [[https://wiki.ubuntu.com/SecurityTeam/FAQ#Contact|Ubuntu Security FAQ]] for more information
 ===== VMware, Inc. ====
@@ Line 200: / Line 184: @@
   * You can sign up for receiving security advisories at [[http://www.vmware.com/security]].
   * Report security issues to <security@vmware.com> or see the [[http://www.vmware.com/support/policies/security_response.html|VMware Security Response Policy]] for more information.
 ===== Wind River =====
@@ Line 207: / Line 190: @@
   * [[http://www.openwall.com/lists/oss-security/2011/05/02/9|Info on what Wind River publicly disclose and what they don't; RSS feeds with the publicly disclosed info on security issues]]
   * Wind River Linux security contacts can be reached at <security-alert@windriver.com>.
 ====== Other Resources ======
@@ Line 214: / Line 196: @@
 There's a [[http://distributions.freedesktop.org/wiki/DistributionLocations|similar page on the Distributions Wiki]].
-[[http://osvdb.org|OSVDB]] maintains [[http://osvdb.org/vendors|The Vendor Dictionary]], an extensive database of software and appliance vendors (not limited to Open Source ones).