Index: security.html
===================================================================
RCS file: /cvs/www/security.html,v
diff -u -p -r1.458 security.html
--- security.html	30 Apr 2024 01:38:50 -0000	1.458
+++ security.html	8 Aug 2024 06:04:41 -0000
@@ -105,8 +105,8 @@ fixing security problems.
 
 <p>
 Like many readers of the
-<a href="https://marc.info/?l=bugtraq">
-BUGTRAQ mailing list</a>,
+<a href="https://www.openwall.com/lists/oss-security/">
+oss-security mailing list</a>,
 we believe in full disclosure of security problems.  In the
 operating system arena, we were probably the first to embrace
 the concept.  Many vendors, even of free software, still try
@@ -155,7 +155,7 @@ proven.  We fix the bug, and we move on 
 have fixed many simple and obvious careless programming errors in code
 and only months later discovered that the problems were in fact
 exploitable.  (Or, more likely someone on
-<a href="https://marc.info/?l=bugtraq">BUGTRAQ</a>
+<a href="https://www.openwall.com/lists/oss-security/">oss-security</a>
 would report that other operating systems were vulnerable to a <q>newly
 discovered problem</q>, and then it would be discovered that OpenBSD had
 been fixed in a previous release).  In other cases we have been saved
@@ -195,7 +195,7 @@ written somewhere, but perhaps not taken
 Our proactive auditing process has really paid off.  Statements like
 <q>This problem was fixed in OpenBSD about 6 months ago</q> have become
 commonplace in security forums like
-<a href="https://marc.info/?l=bugtraq">BUGTRAQ</a>.
+<a href="https://www.openwall.com/lists/oss-security/">oss-security</a>.
 
 <p>
 The most intense part of our security auditing happened immediately