[Exim-dev] Security Officer

Author: Nick Cleaton
Date:  
To: exim-dev
Subject: [Exim-dev] Security Officer
On Wed, Mar 10, 2004 17:02:01 +0000, Matthew Byng-Maddick wrote:
> On Wed, Mar 10, 2004 at 04:49:39PM +0000, Ollie Cook wrote:
> > However, I can respond on this point immediately. I know of one man who would
> > be excellent in this capacity of security officer. He's Nick Cleaton
> > (ex-Netscalibur, Claranet etc.)
>
> Nick's good at that kind of stuff, it's true. If he has the time.


I think I have the time, in fact I may well have Copious Free Time four
weeks from now :)

IMO a "Security Officer" should be a small team rather than one
individual. How about a structure something like:

security@??? and/or security-officer@???

    Published address for people to report security holes.  Goes to a
    small group, who weed out the spam and false alarms and forward any
    genuine issues to:


security-internal@??? (or somesuch)

    A closed, secret list that goes to a larger group of the major
    developers.  Used by the security officers to announce the discovery
    of security problems and to get feedback on proposed patches before
    publication.



--
Nick Cleaton
nick@???