[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Predisclosure-applications] Xen predisclosure application: Wavecon GmbH

  • To: predisclosure-applications@xxxxxxxxxxxxxxxxxxxx
  • From: Sebastian Pipping <spipping@xxxxxxxxxx>
  • Date: Fri, 13 Mar 2015 13:26:27 +0100
  • 'x-av-checked: Binford Spam- und Virenmassakermaschine 6000 next generation @ Fri Mar 13 13:23:46 2015 +0100 (CET)'
  • Delivery-date: Fri, 13 Mar 2015 12:23:51 +0000
  • List-id: Applications for membership of Xen Security Advisories Pre-disclosure List <predisclosure-applications.lists.xenproject.org>


I am hereby sending an application for the predisclosure list on behalf
of Wavecon GmbH, a public cloud and managed hosting company based in
Germany powered by Xen technology.

> The name of your organization

Wavecon GmbH

> Domain name(s) which you use to provide Xen software/services

*.wavecloud.de / https://control.wavecon.de

> A brief description of why you fit the criteria

Wavecon does not fit the 300k definition of "large-scale users" but is
a public hosting provider with >100 Xen hypervisors.
The core service of the company lies in providing hosting based on Xen
to third parties. Most employees work with services powered by Xen,
some people work on development of Xen orchestration software full-time.
Wavecon's data center, infrastructure and service are certified
according to ISO 27001.

To Wavecon, release of vulnerabilities in Xen may or may not require
reboots of some to all hypervisors, so Xen vulnerabilities have a
significant impact on our day-to-day operations.

> If not all of your products/services use Xen, a list of (some of)
> your products/services (or categories thereof) which do.

Xen is the only virtualization technology used in production at Wavecon.

> Link(s) to current public web pages, belonging to your organisation,
> for each of following pieces of information:
>  Evidence of your status as a service/software provider:
>   If you are a public hosting provider, your public rates or how to
>   get a quote

Please refer to https://www.wavecon.de/download/Preisliste_Wavecon.pdf
at https://www.wavecon.de/impressum.html for quotes.
The same page is pointing to sales(at)wavecon(dot)de for custom quotes.

>   If you are a software provider, how your software can be downloaded
>   or purchased


>   If you are an open-source project, a mailing list archive and/or
>   version control repository, with active development


>  Evidence of your status as a user/distributor of Xen:
>   Statements about, or descriptions of, your eligible production
>   services or released software, from which it is immediately evident
>   that they use Xen.

Please see "Mit Hilfe von Xen [..]" at

>  Information about your handling of security problems:
>   Your invitation to members of the public, who discover security
>   problems with your products/services, to report them in confidence
>   to you;

Please see "Please report security issues [..]" at
https://www.wavecon.de/impressum.html .

>   Specifically, the contact information (email addresses or other
>   contact instructions) which such a member of the public should use.


> A statement to the effect that you have read this policy and agree to
> abide by the terms for inclusion in the list, specifically the
> requirements to regarding confidentiality during an embargo period

We have read the policy at
and agree to its terms as retrieved 2015-03-10:

 * Cemil Degirmenci

 * Sebastian Pipping

 * Wolodja Wentland

> The single (non-personal) email alias you wish added to the
> predisclosure list.


Many thanks for your consideration.


Sebastian Pipping

Predisclosure-applications mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.