Ian
Â
I've provided what I believe are the missing bits of information below.Â
Moved to HTML so you can see my inline edits in color, prefixed [SC>].
Â
Many thanks for your quick response
Â
Simon
Â
CTO, Bromium Inc.
@simoncrosby
Â
-----Original Message-----
From: Ian Campbell [mailto:ian.campbell@xxxxxxxxxx]
Sent: Wednesday, March 18, 2015 2:49 AM
To: Simon Crosby
Cc: predisclosure-applications@xxxxxxxxxxxxxxxxxxxx; security@xxxxxxxxxxx; xen-predisclosure-advisory@xxxxxxxxxxx
Subject: Re: [Predisclosure-applications] Application for addition to Xen predisclosure list.
Â
On Mon, 2015-03-16 at 13:11 -0700, Simon Crosby wrote:
> Applicant: Bromium, Inc.
Â
We take it you are applying under the "Vendors of Xen-based systems"
case.
[SC >] YesÂÂÂÂÂÂÂÂÂ
Â
The Xen project security policy requires us to ask for "Link(s) to current public web pages, belonging to your organisation," for each piece of information, where a couple seem to be missing from your
application:
Â
ÂÂÂÂÂ * For "Evidence of your status as a service/software provider":
Â
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ If you are a software provider, how your software can be
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ downloaded or purchased.
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ(There are other options, this seems to be the one which
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ would apply in your case)
[SC >] Our products are not available for download. Email to sales@xxxxxxxxxxx is the best way to learn how to purchase our products, or you can fill out a web form here. There is no online purchase option.
ÂÂÂÂÂ * For "Information about your handling of security problems":
Â
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ Your invitation to members of the public, who discover
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ security problems with your products/services, to report
ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ them in confidence to you;
Â
[SC >] The Contact page on our site asks anyone that discovers a security issue with our product to email us in confidence at security@xxxxxxxxxxx
Â
With those I think we should be able to process your request.
Â
Thanks,
Ian.
Â
