This is correct but additionally, I don’t see how adding a separate security contact resolves the problem of outdated or misdirected (as in, not from your network) compromise incident reports.

You don’t have to break into your customers’ offices to patch their machines. You can just as well ACL those IPs off till your customer has patched the vuln. Might even deploy a walled garden like Comcast implemented over a decade back, if you’re a large SP.

--srs

From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Steve Atkins <steve@blighty.com>
Sent: Tuesday, June 7, 2022 4:50:58 PM
To: anti-abuse-wg@ripe.net <anti-abuse-wg@ripe.net>
Subject: Re: [anti-abuse-wg] Adding a "Security Information" contact?
 


> On 7 Jun 2022, at 12:14, Gert Doering <gert@space.net> wrote:
>
> Hi,
>
> On Tue, Jun 07, 2022 at 11:02:19AM +0000, Ángel González Berdasco via anti-abuse-wg wrote:
>> I don't think the problem would be to add a new attribute if needed.
>> The problem would be to *define* what should go there (and then get
>> everyone downstream to use that new attribute)
>
> This...  so, what would you suggest?

It would be nice, both for abuse contacts, and the potential security contact, to be able to advertise that you
accept machine-readable reports, what formats and how to accept them. There’s an obvious advantage
for the abuse/security desk consuming reports for that, but it would also be an improvement in many ways
for generators of reports over the current system where abuse-c contains an email address, and that email
address is just an autoresponder saying that mail sent there isn’t read (but there’s this other channel over
here you can use).

I’ve a nasty feeling that any email address added as a security contact will be used as an additional
place to report spam coming from the network, which might not be what the people on the end of that
alias really need more of.

Cheers,
  Steve