[VOIPSEC] Some additional etiquette thoughts (Was Re: Administrivia: A Test, Turning Moderation Off)
sebastien rittner
seb_rittner at yahoo.fr
Mon Oct 31 14:34:10 CST 2005
> Question for the group: what about security
> advisories relating to VoIP
> products? Is it okay for a vendor to send a
> security advisory (or the
> URL) for their product to the list? My personal
> vote would be yes.
> Others?
Agree. We can get to the bottom of it without giving
brand names.
> 2. This is not a mailing list for "full disclosure"
> of VoIP exploits, i.e.
> "Did you know you can break XXXXXX's VoIP system by
> using this simple
> attached script?" This list is for the discussion
> of VoIP security, but,
> as a participating vendor, I would like to hope that
> actual exploits would
> be sent to the vendor through the normal channels
> (such as
> 'security at xxxxxxx.com') so that a solution could be
> found before they are
> posted to this public mailing list.
>
> Thoughts? Comments?
Agree too. however, knowing the attack is the best way
to find...the solutio.
Sebastien.
More information about the Voipsec
mailing list