security auto-reply

Owned by Andrew Petro
Last updated: May 17, 2007 by Jim HelwigVersion comment
2 min read

This page is for drafting the auto-reply acknowledging email to security@

Draft

Dear Sir or Madam,

This is an auto-reply acknowledging your email to security@ja-sig.org.

Thank you for your email notifying the JA-SIG Security Contact Group of a potential security vulnerability in JA-SIG software. You can expect a human-generated response acknowledging your email and letting you know of next steps undertaken to resolve this issue in a timely and sensitive manner.

Please do not publicly post about this issue (to the web, wiki, issues tracker, or public email lists, e.g.) until the security team has had a chance to validate it and formulate a response. Often it will be possible and desirable to quietly develop and distribute a patch resolving the issue to affected software deployers before more widely publicizing the issue and its solution.

If you have any further concerns or information about this issue, please do send additional updates to security@ja-sig.org.

If for any reason you do not feel you are getting the resolution you need from security@ja-sig.org, please do contact a JA-SIG board member directly. For more information on the JA-SIG Security Contact Group see http://www.ja-sig.org/wiki/display/JSG/Security+Contact+Group.

Sincerely yours,

JA-SIG Security Contact Group
security@ja-sig.org

Example from UW-Madison

Greetings,

This message is to confirm that your report has been received
by the University of Wisconsin -Madison Incident Response Team, BadgIRT.

This message has been automatically generated in response to the
creation of a trouble ticket regarding:
"<the subject of the message>",
a summary of which appears below.

There is no need to reply to this message right now. Your ticket has been
assigned an ID of irt.doit.wisc.edu #<id number>.

Please include the string:

irt.doit.wisc.edu #<id number>

in the subject line of all future correspondence about this issue. To do so,
you may reply to this message.

You may not always receive a personal response to your report,
however reports are investigated and acted upon as necessary.

If this is a more urgent matter or personal follow-up is requested,
please contact our Help Desk at <phone number>.

Thank you,

BadgIRT Staff