{"id":16,"date":"2012-01-29T20:50:43","date_gmt":"2012-01-30T01:50:43","guid":{"rendered":"http:\/\/blogs.gentoo.org\/ackle\/?p=16"},"modified":"2020-11-19T03:59:14","modified_gmt":"2020-11-19T08:59:14","slug":"gmail","status":"publish","type":"post","link":"https:\/\/blogs.gentoo.org\/ackle\/2012\/01\/29\/gmail\/","title":{"rendered":"Using Gmail for Security Bug Scouting"},"content":{"rendered":"<p>Scouting for the Gentoo Security Project is only the first step as a padawan but it is the most basic task that follows through the entire recruitment process.<\/p>\n<p>I&#8217;ve used Gmail for personal email for years, but never truly understood the benefits of it until I started as a scout and the emails starting pouring in. A few reasons why I have come to love Gmail for scouting bugs and wrangling vulnerabilities:<\/p>\n<p><strong>Labels<\/strong><\/p>\n<p>Like many new scouts for the Gentoo Security team, I referenced the <a href=\"http:\/\/www.gentoo.org\/security\/en\/padawans.xml\">Padawan process page<\/a>\u00a0and also <a href=\"http:\/\/blogs.gentoo.org\/underling\/2011\/01\/17\/gentoo-security-team-scouting-tips\/\">Tim Sammut&#8217;s Scouting Tips<\/a>\u00a0when just starting out and setting up my own method of handling mail.\u00a0\u00a0Tim&#8217;s tips and process for handling incoming mail is excellent, but there was one thing that I couldn&#8217;t live with: the idea of all my mail from several lists and sources, mingling together in one folder. With Gmail, each message is filtered as it is received and a label can be applied to it. Sound a lot like folders? Not quite &#8211; multiple labels can be applied to the same email. The Inbox is a label applied to each message by default. This means that all new mail comes in to one &#8220;folder&#8221; (the Inbox) but when it is archived, the message is found under its appropriate label, as if it was moved to a folder.<\/p>\n<p><strong>Duplicate Email Filtering<\/strong><\/p>\n<p>A lot of emails are sent to multiple lists. Even our GLSA&#8217;s go to 3 lists that scouts should be subscribed to (Gentoo Announce, Bugtraq, and Full Disclosure) but that does not mean anyone wants to handle 3 copies of a GLSA. Luckily, Gmail filters out duplicates. If there are three filters, each applying a different label for Gentoo Announce, Bugtraq, and Full Disclosure emails, then Gmail will keep one copy of the email and apply three labels to that email. The only part I don&#8217;t like about duplicate email filtering: emails sent from myself to a list in which I belong are discarded. For example, when I send an email to oss-security, I do not receive a copy of the email from the list (I like the confirmation of knowing that my email went through).<\/p>\n<p><strong>Priority Inbox<\/strong><\/p>\n<p>Gmail already groups messages by conversations. However, there can still be a lot of conversations. Priority Inbox can be used to let Gmail determine what is more important to you. Over time, Priority Inbox learned that messages from bugzillas, gentoo-[dev-]announce@g.o, and CVE requests from oss-security are more important to me than most conversations from Full Disclosure or Bugtraq (which typically contain less actionable items). Of course, Priority Inbox doesn&#8217;t do much good if you use a mail client like Thunderbird.<\/p>\n<p>No, I don&#8217;t work for Google and they surely didn&#8217;t pay me to write this, but Gmail has really helped with organizing, filtering, and prioritizing all the messages that a scout needs.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Scouting for the Gentoo Security Project is only the first step as a padawan but it is the most basic task that follows through the entire recruitment process. I&#8217;ve used Gmail for personal email for years, but never truly understood the benefits of it until I started as a scout and the emails starting pouring &hellip; <a href=\"https:\/\/blogs.gentoo.org\/ackle\/2012\/01\/29\/gmail\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Using Gmail for Security Bug Scouting<\/span><\/a><\/p>\n","protected":false},"author":139,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[1],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/blogs.gentoo.org\/ackle\/wp-json\/wp\/v2\/posts\/16"}],"collection":[{"href":"https:\/\/blogs.gentoo.org\/ackle\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.gentoo.org\/ackle\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.gentoo.org\/ackle\/wp-json\/wp\/v2\/users\/139"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.gentoo.org\/ackle\/wp-json\/wp\/v2\/comments?post=16"}],"version-history":[{"count":8,"href":"https:\/\/blogs.gentoo.org\/ackle\/wp-json\/wp\/v2\/posts\/16\/revisions"}],"predecessor-version":[{"id":25,"href":"https:\/\/blogs.gentoo.org\/ackle\/wp-json\/wp\/v2\/posts\/16\/revisions\/25"}],"wp:attachment":[{"href":"https:\/\/blogs.gentoo.org\/ackle\/wp-json\/wp\/v2\/media?parent=16"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.gentoo.org\/ackle\/wp-json\/wp\/v2\/categories?post=16"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.gentoo.org\/ackle\/wp-json\/wp\/v2\/tags?post=16"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}