Frequently Asked Questions (FAQ)
What is VulnWatch?
VulnWatch is a free open disclosure mailing list serving
the security community and vendors alike. While the moderators
of VulnWatch support open disclosure, we encourage our posters to work
with vendors in a responsible way before reporting the vulnerability to
the general public. VulnWatch is also willing to assist researchers and
vendors in dealing with possible security issues in the most
responsible way without compromising the open disclosure principles.
Why was VulnWatch started?
VulnWatch was created because the involved individuals felt the need for
a forum which didn't currently exist: a non-discussion, non-patch,
all-vulnerability announcement list supported and run by a community of
volunteer moderators distributed around the world.
Who started VulnWatch?
VulnWatch was the brainchild of Steve Manzuik - moderator of the
already successful Microsoft focused mailing list Win2KSecAdvice
(http://www.windowsitsecurity.com).
Chris Wysopal, @stake (www.atstake.com), and RFP of
Wiretrip (www.wiretrip.net) have agreed to act as
co-moderators with Steve Manzuik.
Other notables in the security industry also provided a tremendous
amount of support and input.
Is VulnWatch moderated?
Yes, VulnWatch is moderated but not in the conventional way
that other lists are moderated. To ensure the timely posting of
information, VulnWatch will be moderated by multiple moderators in different time
zones around the world. The goal of VulnWatch is to have at minimum
four (4) moderators each in a different time zone. Currently, Steve
Manzuik, Chris Wysopal, and RFP will handle moderation duties until
permanent moderators are selected.
Is VulnWatch associated with any other mailing lists?
No, VulnWatch is an independent list and is not associated with any
other mailing list. The only connection between VulnWatch and any
other lists is that one of the moderators, Steve Manzuik, also
moderates Win2KSecAdvice (www.windowsitsecurity.com)
which is owned and operated by Windows 2000 Magazine.
What kind of content will one find on VulnWatch?
VulnWatch is focused on all operating systems and network
devices. The only exception to this is concerning Microsoft
platforms - for a quality mailing list on Microsoft platforms
check out the already successful Win2KSecAdvice
(www.windowsitsecurity.com).
What kind of posts are acceptable on VulnWatch?
VulnWatch is a vulnerability and security alert service.
In order to keep the noise ratio down, discussions will be limited to
only those that are completely relevant to a vulnerability. Flame wars
and profanity are not welcome on VulnWatch. The creators of VulnWatch are
considering adding a web based forum to the www.VulnWatch.org web site
to facilitate a more general discussion place.
Are we in danger of moderators letting their egos get the better of
them and the list?
Absolutely not!!! While having multiple moderators allows posts to
hit the list in a very timely fashion, it also protects the list
subscribers from high levels of incoherent tripe that is sometimes
found on other lists. This will also prevent any one moderator from
blocking a post due to personal reasons.
How do I subscribe to VulnWatch?
To subscribe to the list you need a valid email address. Send mail to
vulnwatch-subscribe@vulnwatch.org.
No subject or message is required.
You will get a confirmation message that you must reply to in order to
confirm your subscription. More information about subscribing and
unsubscribing is available at http://www.vulnwatch.org/subscribe.html
Is there a web-based archive?
Yes. The official VulnWatch archive is located at
http://www.vulnwatch.org/archives.html
Can others feel free to mirror the archives?
Most definitely! We hope that VulnWatch has the privilege of being
added to popular archive sites. Our only request is that if you
decide to mirror the list that you do not allow users to
post directly to your archive. This is to ensure the quality and
integrity of all the information presented by VulnWatch.
How can VulnWatch remain free? Do you sell the information
posted to the list?
VulnWatch will remain free to all subscribers. Information
posted to the mailing list WILL NEVER be copyrighted, claimed, or
sold by VulnWatch in any form. VulnWatch will never sell early
notification services or incident tracking/response services. VulnWatch
would never dream of trying to make a dime on the hard work of its
supporters. The creators of VulnWatch will rely on their own finances
and the kind donations of supporters to keep the list running.
Already we have enjoyed the generosity of Global NAPs (www.gnaps.com),
who have kindly donated co-location services, and all of the hardware
we are currently running on has been donated.
How do I get involved?
Getting involved with VulnWatch is simple: post your research results
if you are a security researcher, and if you are a vendor, post your
security alerts and bug fix information.
What else can I do to help?
As already stated, VulnWatch is a free, not-for-profit service, so
donations are greatly appreciated. If you have spare hardware or even
cash to donate to the VulnWatch project, please contact Steve Manzuik
(steve@vulnwatch.org).
General questions about the list can also be directed to Steve.