~alpine/devel

[alpine-devel] How to Report Software Vulnerabilities [VCALL-866]

CERT(R) Coordination Center <cert@cert.org>
Details
Message ID
<201705051553.v45FrYPK041062@timberline.sei.cmu.edu>
Sender timestamp
1493999036
DKIM signature
missing
Download raw message
6 years ago 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

The CERT Coordination Center periodically reports known software vulnerabilities to linux distribution vendors such as yourself to coordinate widespread disclosure of vulnerabilities and uptake of patches.

We're updating our records and noticed we do not have a good way to contact Alpine Linux. We want to ensure we can reach you with timely information in case of a widespread vulnerability affecting linux.

What is the preferred email address for reporting software vulnerabilities to the Alpine team? We sometimes wish to report these issues privately (not on a public tracker) before they are disclosed, so ideally this would not be a bugtracker or email list.

In either case, is there a PGP key we could use to encrypt these reports to you? We rely on PGP to safeguard vulnerability information prior to disclosure.

For more information about our process of coordinating vulnerability disclosures, please see <https://vuls.cert.org>. Please let me know if you have any questions.

When replying, please ensure VCALL-866 is in the subject line of your email.

Thank you!


Best Regards,

Garret Wassermann

Vulnerability Analysis Team
CERT Coordination Center (CERT/CC)
A division of:
Software Engineering Institute
Carnegie Mellon University

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJZDJ/zAAoJEOaVDwyMMQJnjosP/jHIwSIEJTTV0e7y9GO4yxoi
1/O/2MbBDL8jV4Tgxio83uQIKw3AklRbn9OhwF/YXfo16WSFM2VokH6MIVkRO8PV
GRWNkAwcgxItzQbE+BwzfYrpHdU7tpU9gm+xoVvz9qvFV5k8NXVsKA9MNMki+QjV
+lYPl0WogHenAmM+AxY3+btie4JtHt58uEvaiQLUSR7JLDkNROu9T1DPPAgeDB5s
DP6FN9q4KYTLFObICendq1W2qqvLqH4hz7QAX5VzKheehpB8COc8AO0lW4/kk+jm
GuukPg6vX4Fk2aEnV7hV/9ZExsf+6AEYDloBlC9M5x/ZaShORbJaKDa4Oo90QHoF
u8McbPFsDZU1ORdG6/F1DGeK65yMpDSUjRhy0UcC1Nu7n5YEzyKg/OyaoMYF3H6g
UxIuDgaAINLZnx55xJ6xU7Zl9aIl0n8F3FoUcEfEK+8XQtKM/YwjLZzXm9RSwFV9
EzxjMZhx2Q1Lp4L/54XF4um8qO4OCnIyeTprjj0FSQHTLJ4YX6GbpmnO8wdDn6JD
dnMINmHgURup/fjNiRShvhZN3A3JdfSmAa2i0T8Fu+EwSvWBEl7kwmI6bTP9SpW2
JF26BnzFRGB49eUuM4Cuz/b795OKRdYTqjpHdihK2nS2SorZuIJSkEZObOPIOnXN
wjypqlz9Uzsz5S26TIb3
=/cex
-----END PGP SIGNATURE-----


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)