[anti-abuse-wg] Adding a "Security Information" contact?
- Previous message (by thread): [anti-abuse-wg] Adding a "Security Information" contact?
- Next message (by thread): [anti-abuse-wg] Adding a "Security Information" contact?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Gert Doering
gert at space.net
Tue Jun 7 12:01:02 CEST 2022
Hi, On Tue, Jun 07, 2022 at 11:45:05AM +0200, Max Grobecker wrote: > TL;DR: > Should there be an optional contact for sending security information to (i.e. about vulnerable services), > which can be different from the abuse contact? I see the problem, and maybe we need to re-think the definition of admin-c:, tech-c: and abuse-c: Reporters seem to only understand two possible approaches - use abuse-c:, or send to everything whois returns that has an "@" in it. The latter is something I consider borderline abusive, the former is not that helpful for security incident reporting (which might warrant a similarily fast reaction, but from a different team). So, no clear answer, just seconding that we might need to do a bit of work here. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <https://lists.ripe.net/ripe/mail/archives/anti-abuse-wg/attachments/20220607/4c78b04f/attachment.sig>
- Previous message (by thread): [anti-abuse-wg] Adding a "Security Information" contact?
- Next message (by thread): [anti-abuse-wg] Adding a "Security Information" contact?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]