To whom it may concern, Hello. This is Tomotaka Ito from JPCERT/CC Vulnerability Handling Team. Please excuse the sudden contact. If you're not familiar with us or our activities, please check the following websites for more information. https://www.jpcert.or.jp/english/ https://www.jpcert.or.jp/english/vh/project.html https://www.ipa.go.jp/files/000044732.pdf https://jvn.jp/en/ We have received a report of a vulnerability found in the product "PicketLink" from a researcher/user here in Japan under the vulnerability handling framework called "Information Security Early Warning Partnership" and the official announcements #235 and #110 "Software Vulnerability Related Information Handling Measures" which were designed by Ministry of Economy, Trade and Industry (METI), a Japanese cabinet. From the websites https://github.com/picketlink https://github.com/orgs/picketlink/people http://www.slideshare.net/JBUG_London/london-jbug-april-2014 http://lists.jboss.org/pipermail/security-dev/2012-October/000176.html we found these email addresses. We would like to coordinate with you to solve the reported vulnerability, and your cooperation would be greatly appreciated. Before we provide you the details of the reported vulnerability, we would like to know the appropriate point-of-contact person, or department/group/team to communicate in regards to this issue. It would be greatly appreciated if you could provide us the below information at your earliest convenience. -Name of the persons/team who is in charge of such issues 　*Please assign at least 2 persons (primary and backup). If you have a division/team to handle such issue, please provide us a name of division/team. -Email address *Please provide us email addresses of the primary person and backup person. If you have a division/team, please provide us a group-mail address. -PGP key if available Once we receive your reply and point-of-contact information, we will then send you the original vulnerability report and the details either in a PGP encrypted message or in a password protected zip file. If you have any questions or concerns, please do not hesitate to contact us any time. Thank you in advance for your attention on this email. We would very much appreciate your prompt reply. Sincerely yours, Tomotaka Ito Vulnerability Handling Team Information Coordination Group ====================================================================== JPCERT Coordination Center (JPCERT/CC) TEL: +81-3-3518-4600 FAX: +81-3-3518-4602 EMAIL: vuls(a)jpcert.or.jp PGP key: 0x33E6021D: B9 E8 68 35 2D 39 19 29 63 89 52 D4 F8 8D 50 FC https://www.jpcert.or.jp/english/