[Info-vax] VSI's lack (still) of a secure security reporting mechanism, was: Re: VMS and the Internet of Things (IoT)
clairgrant71 at gmail.com
clairgrant71 at gmail.com
Tue Oct 4 07:07:05 EDT 2016
On Monday, October 3, 2016 at 9:41:08 PM UTC-4, Simon Clubley wrote:
> On 2016-10-02, Kerry Main <kemain.nospam at gmail.com> wrote:
>
> And as also discussed in this thread, VSI _still_ doesn't even have
> any method on their website for a third party security researcher to
> securely contact them with sensitive information about VMS
> vulnerabilities. This public and secure reporting mechanism is
> security 101 these days, especially when an organisation is selling
> their products based on a security reputation.
> It would be interesting to know if this whole area was even
> discussed at the Bootcamp.
>
Not that I know of but it is discussed at VSI.
More information about the Info-vax
mailing list