Thanks Javier, for the direction. I read through the archives. I'm a
little foggy on the exact proccess for disclosing the vulnerabilities.
>From what I gather from the audit FAQ it seems I would contact the
security team via e-mail @ security@xxxxxxxxxx if the issue is not
currently publically disclosed and have them confirm the vulnerability.
Is this the proper procedure?
Thanks,
David D. Rude II
Quoting Javier Fernández-Sanguino Peña <jfs@xxxxxxxxxx>:
> On Mon, Oct 10, 2005 at 06:54:34PM +0000, bannedit@xxxxxxxxxxxxxxx
> wrote:
> > Hello,
> >
> > Hi everyone. I've been interested in getting involved in the audit
> > project for some time now. So now is as good a time as ever I
> guess.
> > I've been audint code for about 4 years now on various operating
> > systems so hopefully I can be helpful to you guys. Recently I found
> a
> > potential flaw in some libraries and commonly used code I think it
> > would be best to mention the specifics in a private channel of
> > communication.
>
> That's great, welcome aboard.
>
> > Anyways, I'll be doing some source code auditing and my usual
> general
> > security research any findings I'll be sure to let you guys know
> about.
>
> Great. Notice that we are also interested in developing
> infraestructure in
> order to try to automate some of the tasks relevant to revealing
> security
> bugs. See the mailing list archives for further information.
>
> Again, welcome.
>
> Javier
>
|
