Thor, On 2007-01-05 Thor (Hammer of God) wrote: > You guys might want to put that on your web site. Probably somewhere > under "Contact Us" so that it is easy to, um, contact you specifically > for security issues. [...] > Something like security@xxxxxxx may seem obvious, but it's better if > you list specific contact info so it can be easily found. security@ is one of the role mailboxes specified by RFC 2142, so it really *is* that obvious. However, I agree that despite of this it would be better practice to put the address on the web site. Even more since proper use of role mailboxes seems to have become the exception rather than the rule nowadays. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
