[illumos-Developer] security issues
Alan Coopersmith
alan.coopersmith at oracle.com
Wed Dec 8 07:50:24 PST 2010
Jerry Jelinek wrote:
> Back when Sun was doing OpenSolaris they were
> plugged into the various agencies, such as CERT,
> which issue advance notification when a security
> hole has been found. Sun could then quickly address
> the bug and issue a patch.
CERT hasn't been that relevant for a while - I believe the primary
source of cross-vendor coordination now is vendor-sec:
http://oss-security.openwall.org/wiki/mailing-lists/vendor-sec
http://en.wikipedia.org/wiki/Vendor-sec
Certainly that's where most of the security alert info that's passed
on to me from the security team for fixes we need in Solaris all seems
to come from, and as one of the people in the upstream security team at
X.Org, that's where we pass it on to for pre-public distribution to the
vendors & distro builders who don't have people on our team.
--
-Alan Coopersmith- alan.coopersmith at oracle.com
Oracle Solaris Platform Engineering: X Window System
More information about the Developer
mailing list