Vendor notificationMar 30 2005 08:13PM Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net) (1 replies)
Just a question...on your security incident checklist is there a step
for vendor notification? Example secure (at) microsoft (dot) com [email concealed] for Microsoft
products.
Like for example on this list... when you report something unusual here
...is there a point in time that reporting it to the security department
of Redhat, SuSe, Microsoft, etc. would be a valid exercise?
I find sometimes that it's on these listserves that are the first
'indicators' of issues and that vendors will grab these threads and
emails and pull in a case that should have had vendor notification much
earlier.
I've seen this happen twice personally to me where a email thread that I
spotted got the attention of a vendor and when the poster was contacted
they hadn't even thought it was worthy enough to report it to the
vendor, yet in reality it was.
At what point do you notifiy? Do you have criteria for notification?
[heck do you have the vendor email contacts listed on your incident
checklist?]
Susan
http://www.redhat.com/security/team/contact/
Microsoft TechNet Security - Microsoft Security Response Center PGP Key:
https://www.microsoft.com/technet/security/bulletin/pgp.mspx
--
Chapter 4 of The Complete Patch Management Book:
https://www.ecora.com/ecora/jump/pm149.asp
So why is it the only book on NT Event Logging is out of print?
http://tinyurl.com/3kwc2
And if you don't know about www.eventid.net You should!
for vendor notification? Example secure (at) microsoft (dot) com [email concealed] for Microsoft
products.
Like for example on this list... when you report something unusual here
...is there a point in time that reporting it to the security department
of Redhat, SuSe, Microsoft, etc. would be a valid exercise?
I find sometimes that it's on these listserves that are the first
'indicators' of issues and that vendors will grab these threads and
emails and pull in a case that should have had vendor notification much
earlier.
I've seen this happen twice personally to me where a email thread that I
spotted got the attention of a vendor and when the poster was contacted
they hadn't even thought it was worthy enough to report it to the
vendor, yet in reality it was.
At what point do you notifiy? Do you have criteria for notification?
[heck do you have the vendor email contacts listed on your incident
checklist?]
Susan
http://www.redhat.com/security/team/contact/
Microsoft TechNet Security - Microsoft Security Response Center PGP Key:
https://www.microsoft.com/technet/security/bulletin/pgp.mspx
--
Chapter 4 of The Complete Patch Management Book:
https://www.ecora.com/ecora/jump/pm149.asp
So why is it the only book on NT Event Logging is out of print?
http://tinyurl.com/3kwc2
And if you don't know about www.eventid.net You should!
[ reply ]