- Vendor-sec
vendor-sec is an
electronic mailing list dedicated to distributors of operating systems using (but not necessarily solely comprised of) free and open-source software. The list is used to discuss potential distribution element (kernel, libraries, applications) security vulnerabilities, as well as to co-ordinate the release of security updates by members.Current members of the list include representatives from various
Linux distributions , as well as a number ofBSD distributions. The list does not make a distinction between commercial and non-commercial vendors.The mailing list is unmoderated, but requests for membership are manually vetted to ensure that only the target audience may join. This is done to avoid leaking the potentially sensitive discussions, as vendor-sec members often have access to information about vulnerabilities before they become public. [cite web | url=http://www.redhat.com/archives/rhl-beta-list/2003-July/msg00090.html | title=Re: Reason for the change]
As part of the conditions of use, information discovered through vendor-sec may not be disclosed ahead of time by vendors, which can cause frustration ("Going to vendor-sec ... creates inexcusable delays, [binds] you to confidentiality." [cite web | url=http://article.gmane.org/gmane.linux.kernel/709440 | title=
Re: [stable] Linux 2.6.25.10 (resume) ] )References
Wikimedia Foundation. 2010.
