|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Predisclosure-applications] Predisclosure list application
Thanks James. I have now added jump-admins@xxxxxxxxxxx to the list and have sent out copies of 4 currently embargoed issues (XSA-128..131). Ian. On Mon, 2015-05-18 at 11:51 +0100, James A. T. Rice wrote: > Hi Ian, > > Ah, jump-admins@ is Jump Networks Ltd staff, rather than admins > of customers, which I see now it might have appeared to have been. > There are three people on that list (myself, Nick Waterman, and > Hannah Gordon-Smith). > > As I'm sure you've guessed, the obfuscation on the contact > page is purely to dissuade spam, I fully expect spammers implement > basic de-obfuscation into their crawlers, so was trying to use > something slightly different to common obfuscation. Anyway, I've > updated the page to a more familiar format now. > > Thanks > James > > On 18 May 2015, at 10:28, Ian Campbell <ijc@xxxxxxx> wrote: > > > Hi James, > > > > Thank you, your application is largely fine, we have just one issue: > > > > Please could you clarify the scope of your jump-admins@ alias. It is > > intended that predisclosures go to a small team dedicated to handling > > incoming security issues, rather than a large team of system > > administrators. We would prefer a dedicated security@ or some such. > > > > It doesn't affect your application but several members of the Xen > > security team found your http://www.jump.net.uk/contact page unclear, in > > particular "please open a ticket with us at support <at> , highly > > confidential reports can be sent to directors <at>.". Adding the > > specific domain or perhaps some alternative formatting for the hint > > towards the email address to use (e.g. some <tt> tags) might be > > beneficial. > > > > Thanks, > > > > Ian. > > > > On Wed, 2015-05-13 at 15:09 +0100, James A. T. Rice wrote: > >> Hi, > >> > >> I'm from Jump Networks Ltd, we offer VPS services using Xen to > >> customers as per http://www.jump.net.uk/vps , so believe we fit the > >> criteria for inclusion to the predisclosure list. Invitation to > >> report security issues to us is at http://www.jump.net.uk/contact . > >> Your policy and terms for inclusion onto the list has been read and > >> accepted. We'd like jump-admins@xxxxxxxxxxx to be added to the list. > >> > >> Thanks > >> James Rice > >> Director > >> Jump Networks Ltd > >> _______________________________________________ > >> Predisclosure-applications mailing list > >> Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx > >> http://lists.xenproject.org/cgi-bin/mailman/listinfo/predisclosure-applications > > > > > > _______________________________________________ > Predisclosure-applications mailing list > Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx > http://lists.xenproject.org/cgi-bin/mailman/listinfo/predisclosure-applications _______________________________________________ Predisclosure-applications mailing list Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx http://lists.xenproject.org/cgi-bin/mailman/listinfo/predisclosure-applications
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |