Siberian writes:

> [Sentry Research Labs - ID0201061701]
> (c) 2001 by www.sentry-labs.com
> [...]
> Topic:
> Security Bug in CISCO TFTPD server 1.1
>
> Vendor Status:
> Informed (06/17/01)

Just for the record, I checked with my teammates and can't find any record that you contacted the Cisco Product Security Incident Response Team (PSIRT). We're the group that handles vulnerabilities in all Cisco products and we're easily reachable. It would've been more helpful if you had contacted us privately beforehand and given us an opportunity to make fixed code available before you posted the vulnerability.

If you did contact someone at Cisco, could you let us know who that was so we can follow up with that person? We'd like to make sure the process works as best as it can. If I am in error, please correct me.

I have not yet validated the vulnerability, but will look into it as soon as possible.

Regardless of the path the report took to get to us, we appreciate the time and effort that goes into such reporting. Ultimately, everybody benefits from full disclosure of product security vulnerabilities.

Thanks.

Jim

==
Jim Duncan, Product Security Incident Manager, Cisco Systems, Inc.
<http://www.cisco.com/warp/public/707/sec_incident_response.shtml>
E-mail: <jnduncanat_private>
Phone(Direct/FAX): +1 919 392 6209

This archive was generated by hypermail 2b30 : Mon Jun 18 2001 - 21:49:05 PDT