On Fri, Aug 06, 2004 at 05:11:19PM -0400, Michael Scheidell wrote:
> Have a vulnerability in an IBM product.
> sent alert to security (at) ibm (dot) com [email concealed] secure (at) ibm (dot) com [email concealed] and cert (at) ibm (dot) com [email concealed], all three bounced.
> Can anyone tell me the official address or procedure to notify IBM?
For AIX-releated flaws, the contact is security-alert (at) austin.ibm (dot) com [email concealed]
For other products... good luck. I also have a vulnerability in an IBM
product but I wasn't able to get in touch with anyone.
Online forms told me to call a number that is unreachable outside USA.
The AIX security officer told me he would find the right contact but I
never got anything else since.
--
__ /*- Frank DENIS (Jedi/Sector One) <j at 42-Networks.Com> -*\ __
\ '/ <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a> \' /
\/ <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a> \/
> Have a vulnerability in an IBM product.
> sent alert to security (at) ibm (dot) com [email concealed] secure (at) ibm (dot) com [email concealed] and cert (at) ibm (dot) com [email concealed], all three bounced.
> Can anyone tell me the official address or procedure to notify IBM?
For AIX-releated flaws, the contact is security-alert (at) austin.ibm (dot) com [email concealed]
For other products... good luck. I also have a vulnerability in an IBM
product but I wasn't able to get in touch with anyone.
Online forms told me to call a number that is unreachable outside USA.
The AIX security officer told me he would find the right contact but I
never got anything else since.
--
__ /*- Frank DENIS (Jedi/Sector One) <j at 42-Networks.Com> -*\ __
\ '/ <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a> \' /
\/ <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a> \/
[ reply ]