This repository has been archived by the owner on Jan 21, 2022. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 11
Purpose of this project? #15
Comments
On 13 Jan 2017, at 09:43, Willem de Groot ***@***.***> wrote:
Hi! From the README it is unclear (to me) what the goal is? A standalone contact database? Or is there a public interface running somewhere?
Context: I am a security researcher and want to escalate to national CSIRTs occasionally. The current contacts at cert.org are outdated (many bounces) so a centralized list of incident report email addresses would be useful.
I've processed bounces and replies in a shared Google spreadsheet
Hi Willem,
I'll have a look at this.
I suggest that the best national CSIRT list is still with CERT.org.
If there are inaccuracies there we should report them to CERT.org IMHO.
I'll answer the other question in a second mail.
Best,
a.
|
Thanks for answering. I would agree that cert.org would be the best place/organisation, but so far they have ignored all my messages and correction proposals. Also, is there an incentive for national CSIRTs to update their contact details at cert.org? One would expect cert.org to update their database when many nations complain. Speculating: possibly they don't get many complaints, because local CSIRTs don't have incentive to receive more incident reports because they have too much work already? |
Willem,
Thanks for your mail. I'll check with cert.org.
I know the DB there gets updated at least once per year. Of course this might not be timely enough.
I'll try to connect you directly and let's solve this "upstream". It's important for the whole CERT community.
You can reach me also on my cert.at tel# on Monday morning okay?
Thanks!!
This is an important topic.
…---
Mobile
On 13 Jan 2017, at 10:10, Willem de Groot ***@***.***> wrote:
Thanks for answering. I would agree that cert.org would be the best place/organisation, but so far they have ignored all my messages and correction proposals (sent a month ago).
Also, is there an incentive for national CSIRTs to update their contact details at cert.org? One would expect cert.org to update their database when many nations complain. Speculating: possibly they don't get many complaints, because local CSIRTs don't have incentive to receive more incident reports because they have too much work already?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.
|
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Hi! From the README it is unclear (to me) what the goal is? A standalone contact database? Or is there a public interface running somewhere?
Context: I am a security researcher and want to escalate to national CSIRTs occasionally. The current contacts at cert.org are outdated (many bounces) so a centralized list of incident report email addresses would be useful.
I've processed bounces and replies in a shared Google spreadsheet
The text was updated successfully, but these errors were encountered: