Xen.org Security Policy Update: Get Involved

Xen.org recently released a number of (related) security updates, XSA-7 through to -9. This was done by the Xen.org Security Team who are charged with following the Xen.org Security Problem Response Process.

As part of the process of releasing XSA-7..9 several short-comings (a few of which Ian Jackson has discussed already in Security vulnerabilities – the coordinated disclosure sausage mill) were found in the process.

In order to address these short-comings we have started a discussion on the xen-devel mailing list which describes the issues which we faced and proposes some potential options for updates. However this process is supposed to serve you, the Xen user community, and therefore your feedback and input is critical to ensuring that the policy meets the needs of the community.

So whether you are a small or large consumer of Xen you should feel free to have your say and to help formulate an updated policy which best serves the needs of the community. To take part in the discussion please send mail to xen-devel@lists.xen.org.

This entry was posted in User Story and tagged , on by .

About Ian Campbell

Ian Campbell has been involved with the Xen project since joining XenSource in 2005. Today he is a Principal Software Engineer at Citrix Systems, Inc (http://www.citrix.com) working on Xen where his interests include Xen on ARM, Linux on Xen, paravirtualised networking and toolstack issues. Prior to Citrix (and XenSource) he worked on embedded Linux systems at Arcom Control Systems. Ian is a Xen.org committer, Linux maintainer (Xen network backend driver) and Debian Developer. Also check out Ian's personal blog.