-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Hello,
>
> I have run into a hard decision - I just discovered a bug in
> <someserver> which <some large company> runs and is only
> accessible to the clients of <the company> - it's an auth
> server, somewhere tied together with Cisco router w/ SSG and
> RADIUS authentication.
>
> Due to the bug, any source file can be read and the <the company> has spent
> thousands of $ for making the system.
>
> What's the best - report the bug and possible workarounds or let it
> stay?
> What I am nervous of is that the <the company> could 'kick' me later
> for seeing the sources.
>
> P.Krumins

Peter,

CERT/CC has a checkbox on their vulnerability reporting form to keep
the reporter's information confidential from the affected vendors.
See their form at

http://www.cert.org/reporting/vulnerability_form.txt

If you don't feel comfortable going to the affected vendors directly,
there is always the option of using a trusted 3rd party like CERT/CC
and having them contact the vendors on your behalf.

- -Mike-

- -- 
- ----------------------------------------------------------------------------
|      ||        ||       | Mike Caudill              | mcaudillat_private |
|      ||        ||       | PSIRT Incident Manager    | 919.392.2855       |
|     ||||      ||||      | DSS PGP: 0xEBBD5271       | 919.522.4931 (cell)|
| ..:||||||:..:||||||:..  | RSA PGP: 0xF482F607       ---------------------|
| C i s c o S y s t e m s | http://www.cisco.com/go/psirt                  |
- ----------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2

iQA/AwUBPuADjopjyUnrvVJxEQJX7ACg80UaFE2pRCF1gbBRzRKg/cilPeQAoLdP
fekIMRYxavhJDJd4WyBlVl6M
=tp+w
-----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Fri Jun 06 2003 - 11:10:36 PDT