[124032] in North American Network Operators' Group
Re: NSP-SEC
daemon@ATHENA.MIT.EDU (Hank Nussbacher)
Sat Mar 20 14:48:14 2010
Date: Sat, 20 Mar 2010 20:47:45 +0200 (IST)
From: Hank Nussbacher <hank@efes.iucc.ac.il>
To: William Pitcock <nenolod@systeminplace.net>
In-Reply-To: <1269110278.1220.147.camel@petrie>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sat, 20 Mar 2010, William Pitcock wrote:
> What I mean is: why can't anyone contribute valuable information to the
> security community? It is next to impossible to meet so-called 'trusted
> people' if you're new to the game, which is counter-productive.
>
> If you're a 15 year old kid and you just discovered a way to own the
> latest IOS, for example, how do you know who to tell about it?
If I was such a clever 15 year old I would go to Google and enter
"contacting cisco ios security"
which would lead me to ->
http://www.cisco.com/en/US/products/products_security_advisories_listing.html
which would lead me to ->
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Same exercise can be repeated for most vendors you can choose.
-Hank
