Intel Product Security discussions

Where to rant about a bad modem
Post Reply
User avatar
Xymox
Site Admin
Posts: 28
Joined: Wed Jul 05, 2017 9:44 am

Intel Product Security discussions

Post by Xymox » Wed Aug 02, 2017 3:56 pm

My latest email exchange with Intel Product Security



_____________________________________________________
-------- Forwarded Message --------
Subject: Re: Fwd: Re: Puma 6 Zero day DoS remote exploit
Date: Wed, 2 Aug 2017 08:51:58 -0700
From: Chris <>
To: Intel Product Security Incident Response Team <>


There are no time frames in those guidelines.

US-CERT recommend on monday after review of the issue that I contact MITRE on this issue. Which I have. They also recommended I involve the press, which im doing.

I believe there are significant financial incentives that would influence Intel, modem vendors and MSOs to delay the release of full details of this issue. So I feel Intel as the CNA is not fulfilling its US-CERT obligations in providing a timely resolution to these issues and protecting critical network infrastructure and consumers because of the significant financial impact it could have on Intel, modem vendors and MSOs.

Intel is now also under a subpoena regarding the Puma 6 from a class action suit. This email will end up in the discovery documents.

If Intel decides to publish the full CVE, let me know.



On 8/2/2017 8:33 AM, Intel Product Security Incident Response Team wrote:
>
> Chris,
>
>
> Intel’s vulnerability handling guidelines can be found at https://security-center.intel.com/Vulne ... lines.aspx
>
> Thanks,
>
> Intel Product Security Incident Response Team (PSIRT)
>
> www.intel.com/security
>
> securexxxxxxx@intel.com
>
> From: Chris [mailto:]
> Sent: Monday, July 31, 2017 2:04 PM
> To: Intel Product Security Incident Response Team <Intel.Product.Security.Incident.Response.Team@intel.com>
> Subject: Re: Fwd: Re: Puma 6 Zero day DoS remote exploit
>
>
>
> Does Intel have a structured published disclosure timeline it follows ?
>
> Has there been a Vulnerability report forwarded to CERT on the Puma DoS ?
>

Post Reply