[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Predisclosure-applications] Xen Security Pre-disclosure list

  • To: Ian Campbell <ijc@xxxxxxx>
  • From: Lucas Vianna <lucas.vianna@xxxxxxxxxxxxxx>
  • Date: Tue, 3 Mar 2015 22:25:10 +0000
  • Accept-language: en-US, pt-BR
  • Cc: "predisclosure-applications@xxxxxxxxxxxxxxxxxxxx" <predisclosure-applications@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Tue, 03 Mar 2015 22:25:19 +0000
  • Domainkey-signature: a=rsa-sha1; c=nofws; q=dns; s=lwita2014; d=locaweb.com.br; b=qAO1mQ00Hqz1S2grZzbave+Wv5QFzBplPU3SOBGCjzuwpx6wBxUSLlQRAbTKxOzBabTV329iD5X5 9EAzVy3EjC8s+7PuXwv/v/VhlwoeGt7q2WbnF5AJ3N//3+dKcf2dS/s+rNgZuVYPWv1aUS6UmdeM 6uAvFrP9NFgfVA+BX20=;
  • List-id: Applications for membership of Xen Security Advisories Pre-disclosure List <predisclosure-applications.lists.xenproject.org>
  • Thread-index: AQHQVSTwFzL6nez/IkyBJTEz4CAftp0LISWAgABorQA=
  • Thread-topic: [Predisclosure-applications] Xen Security Pre-disclosure list

Hi Ian,

- Evidence of your status as a user/distributor of Xen: 

On our official wiki we have some documentations mentioning the platform Xen.

- Information about your handling of security problems:

Security contact details is mentioned on our information policy. Section âVulnerabilidade de seguranÃaâ -> Security Vulnerability.



On Mar 3, 2015, at 1:10 PM, Ian Campbell <ijc@xxxxxxx> wrote:

On Mon, 2015-03-02 at 20:10 +0000, Lucas Vianna wrote:
we would like to be included on the pre-disclosure list.


Thank you for your application.

The security policy[0] requires "Link(s) to current public web pages,
belonging to your organisation," for each piece of information.  This is
missing in the case of "Evidence of your status as a user/distributor of

The policy also says "If the pages are long and/or PDFs are involved,
your email should say which part of the pages and documents are
relevant." which is particularly relevant when it is necessary for us to
use a translation service. Please could you let us know which section of
your "Cloud Computing e Servidores Dedicados" document contains:

       Your invitation to members of the public, who discover security
       problems with your products/services, to report them in
       confidence to you;" and
       Specifically, the contact information (email addresses or other
       contact instructions) which such a member of the public should

Please can you provide this information so that we may continue to
process your application.


[0] http://www.xenproject.org/security-policy.html

Predisclosure-applications mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.