Vendor-sec
From Wikipedia, the free encyclopedia
vendor-sec is an electronic mailing list dedicated to distributors of operating systems that use (but are not necessarily composed solely of) free and open-source software. The list is used to discuss potential security vulnerabilities in distribution elements (kernel, libraries, applications), as well as to co-ordinate the release of security updates by members.
Historically, vendor-sec started as a private communication channel for Linux vendors, and for distribution of CERT pre-release information in early 1997. However, vendor-sec is not restricted to Linux vendors.
Vendor-sec is a forum for:
- Sharing knowledge about security vulnerabilities
- Sharing and discussing security fixes
- Coordinating release schedules for security updates
- Propagating advance vulnerability notifications from the likes of CERT, NISTCC, and others, to affected parties.
The intended audience of vendor-sec is:
- Linux distributions
- Linux companies
- Individual hackers working on Linux security
- Open-source projects with a large user base and/or high security exposure
- Other open-source operating systems
The mailing list is unmoderated, but requests for membership are manually vetted to ensure that only the target audience may join. This is done to avoid leaking the potentially sensitive discussions, as vendor-sec members often have access to information about vulnerabilities before they become public.
If you want to join the list, try to find a "sponsor", i.e. a vendor-sec member willing to vouch for you. Send a message to vendor-sec-request explaining why you want to join the list. Your application will then be discussed and voted upon by the vendor-sec members.
We encourage people who are actively researching vulnerabilities to share them with vendor-sec first. If you post as a non-member to this list, please ensure that you request verification that the mail arrived and that action on it is being taken. If no reply is made within 48 hours, please make an attempt to contact vendor-sec-admin __at__ lst __period__ de and/or resend the message.

