[Info-vax] VSI's lack (still) of a secure security reporting mechanism, was: Re: VMS and the Internet of Things (IoT)
David Froble
davef at tsoft-inc.com
Tue Oct 4 13:39:38 EDT 2016
Tym Stegner wrote:
> The last page of VSI roadmap provides an email address for any questions regarding VMS:
>
> For more information, please contact us at: RnD at vmssoftware.com
>
>
>
> On Tuesday, October 4, 2016 at 7:07:07 AM UTC-4, clairg... at gmail.com wrote:
>> On Monday, October 3, 2016 at 9:41:08 PM UTC-4, Simon Clubley wrote:
>>> On 2016-10-02, Kerry Main <kemain.nospam at gmail.com> wrote:
>>>
>>> And as also discussed in this thread, VSI _still_ doesn't even have
>>> any method on their website for a third party security researcher to
>>> securely contact them with sensitive information about VMS
>>> vulnerabilities. This public and secure reporting mechanism is
>>> security 101 these days, especially when an organisation is selling
>>> their products based on a security reputation.
Now, now, don't go busting Simon's bubble, he's having so much fun with it ..
:-)
But, yeah, if I found an issue, I'm sure I could find someone to discuss it
with. Don't need so much formality ....
More information about the Info-vax
mailing list