Security vulnerability disclosure process accepted

Last week the proposed changes to the security policy were approved unanimously by the Xen committers; the policy has been updated accordingly.

What this means is that now if you are “public hosting provider”, “vendor of Xen-based system”, or a “distributor of operating systems with Xen support”, regardless of your size, you may be eligible to join the pre-disclosure list. Please see the security policy for details on eligibility and how to apply.

It also means that if you are currently on the list, you will be asked to come in line with the changes to the policy: namely, to have a security alias for your organization rather than an individual, and to send a statement saying that you have read this policy and will abide by it.

This entry was posted in Uncategorized on by .

About George Dunlap

I received my PhD from the University of Michigan in December 2006. I joined XenSource in May of 2006. I've been working on analyzing performance in the Xen hypervisor. I'm currently working on a new scheduler.