On Tue, May 09, 2006 at 03:21:31AM -0700, Karl Chen wrote:
> I'm working on a project to statically analyze all Debian packages
> for format string vulnerabilities, using type qualifier inference
> (a programming languages technique).

That sounds like a very interesting project! Where can one read more
about type qualifier inference - any books, web sites, articles?

> What advice do you guys have on reporting vulnerabilities --
> reporting to the author(s), vs vendor-sec, vs security@xxxxxxxxxx?

team@xxxxxxxxxxxxxxxxxxx if it's a Debian-only problem, and
vendor-sec@xxxxxx if it isn't. They contact the authors.

// Ulf