SecurityFocus

Re: SAP Security Contact Jan 05 2007 10:39PM
Thor (Hammer of God) (thor hammerofgod com) (2 replies)

Re: SAP Security Contact Jan 07 2007 12:14AM
Nicob (nicob nicob net) (2 replies)

Re: SAP Security Contact Jan 09 2007 02:09PM
Nick Boyce (nick boyce gmail com) (1 replies)

Re: SAP Security Contact Jan 10 2007 11:56PM
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net)

Re: SAP Security Contact Jan 09 2007 06:02AM
Stan Bubrouski (stan bubrouski gmail com)

In all fairness here, many companies have canned responses to
security@whatever and may never actually respond to a sender even if
action is being taken. Looking for an actual person to assure
something has been recognized as a vulnerability and will be patched
is not unreasonable.

-sb

On 1/6/07, Nicob <nicob (at) nicob (dot) net [email concealed]> wrote:
> Le vendredi 05 janvier 2007, Thor (Hammer of God) a écrit :
>
> > Something like security (at) sap (dot) com [email concealed] may seem obvious, but it's better if you
> > list specific contact info so it can be easily found.
>
> I don't want to be rude but :
> - security (at) domain (dot) tld [email concealed] is the only standardized security contact (as
> defined by RFC 2142)
> - googling security (at) sap (dot) com [email concealed] would bring some results
> - this was already answered on the Full-Disclosure mailing list
> - the OSVDB Vendor Dictionary contains a record for SAP
> - even the SecurityFocus site has some references to this email
> address : http://www.securityfocus.com/columnists/415
>
>
> Nicob
>
>

[ reply ]

Re: SAP Security Contact Jan 06 2007 05:00PM
Ansgar -59cobalt- Wiechers (bugtraq planetcobalt net)