search

certtools / contactdb

The ContactDB project was initiated to cover the need for a tool to maintain contacts for CSIRT teams
GNU Affero General Public License v3.0
37 stars 11 forks source link

Purpose of this project? #15

Open gwillem opened 7 years ago

gwillem commented 7 years ago

Hi! From the README it is unclear (to me) what the goal is? A standalone contact database? Or is there a public interface running somewhere?

Context: I am a security researcher and want to escalate to national CSIRTs occasionally. The current contacts at cert.org are outdated (many bounces) so a centralized list of incident report email addresses would be useful.

I've processed bounces and replies in a shared Google spreadsheet

aaronkaplan commented 7 years ago

On 13 Jan 2017, at 09:43, Willem de Groot notifications@github.com wrote:

Hi! From the README it is unclear (to me) what the goal is? A standalone contact database? Or is there a public interface running somewhere?

Context: I am a security researcher and want to escalate to national CSIRTs occasionally. The current contacts at cert.org are outdated (many bounces) so a centralized list of incident report email addresses would be useful.

I've processed bounces and replies in a shared Google spreadsheet

Hi Willem,

I'll have a look at this. I suggest that the best national CSIRT list is still with CERT.org. If there are inaccuracies there we should report them to CERT.org IMHO.

I'll answer the other question in a second mail.

Best, a.

gwillem commented 7 years ago

Thanks for answering. I would agree that cert.org would be the best place/organisation, but so far they have ignored all my messages and correction proposals.

Also, is there an incentive for national CSIRTs to update their contact details at cert.org? One would expect cert.org to update their database when many nations complain. Speculating: possibly they don't get many complaints, because local CSIRTs don't have incentive to receive more incident reports because they have too much work already?

aaronkaplan commented 7 years ago

Willem,

Thanks for your mail. I'll check with cert.org. I know the DB there gets updated at least once per year. Of course this might not be timely enough. I'll try to connect you directly and let's solve this "upstream". It's important for the whole CERT community. You can reach me also on my cert.at tel# on Monday morning okay?

Thanks!! This is an important topic.

Mobile

On 13 Jan 2017, at 10:10, Willem de Groot notifications@github.com wrote:

Thanks for answering. I would agree that cert.org would be the best place/organisation, but so far they have ignored all my messages and correction proposals (sent a month ago).

Also, is there an incentive for national CSIRTs to update their contact details at cert.org? One would expect cert.org to update their database when many nations complain. Speculating: possibly they don't get many complaints, because local CSIRTs don't have incentive to receive more incident reports because they have too much work already?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.