Moin-Moin and hello,

TL;DR:
Should there be an optional contact for sending security information to (i.e. about vulnerable services),
which can be different from the abuse contact?


Background:
We get a reasonable amount of security information sent to our abuse mailbox about
things like "There's a vulnerable Confluence server on your network" and "This IP has contacted a botnet C&C server".
Technically, this is not an abuse-related issue, but still relevant to know and forward to the respective customer.

Most of these e-mails originate from our local CERT (in my case CERT-BUND in Germany), but there are some other senders
which are informing about these vulnerable services.
I guess most other providers know about these from their local CERTs or other organizations.


Our abuse mailbox is not overflowing with these, of course, but it makes semi-automated handling a bit painful.
For example, we would like to forward this information to our customers, but we won't need to take further action on this,
because we refuse to break into the offices of our customers at night and patch their software.
Also, sometimes these reports contain outdated data and the vulnerability has been removed in the time
between collecting this information and sending the e-mail.

On the other hand, for real abuse like sending spam or participating in DDoS, we also want to forward this information
as quickly as possible (automated), but we also want to know about it and escalate so we can pull the plug if needed.


So I wondered if there (c|sh)ould be an optional contact/role for sending security-related information to?
This could be a different mailbox which does another automated handling of forwarding these notifications.


What is your opinion on this?


Greetings
 Max
