[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Predisclosure-applications] Application for predisclosure list membership for M.D.G. IT

Thanks Ian,

Apologies, I didn't realise that this related to hosting providers as well. We have updated this page (https://www.mdg-it.com.au/vps-magento-hosting.php) with the following content:

M.D.G. IT Virtual Private Servers run on the Xen hypervisor. Any security issues relating to Xen or M.D.G. IT products or services should be reported in confidence to M.D.G. IT using the Contact Form found at this link.

Please let me know if I've missed anything or if we need to make any changes?

Regards,
Peter

Peter Denison

Services

M.D.G. IT Pty Ltd

peterd@xxxxxxxxxx

www.mdg-it.com.au

1300 023 123


On Wednesday, 21 October 2015 at 3:30 AM, Ian Jackson wrote:

Peter Denison writes ("[Predisclosure-applications] Application for predisclosure list membership for M.D.G. IT"):
I am writing to apply for membership of the predisclosure list for M.D.G. IT
PTY LTD, an Australian VPS hosting provider, of which I am the director.

Hi. Thanks for your application.

We are sorry to say that your application did not contain all the
required information. We are not permitted to waive the requirements
of the the Xen Project Security Policy, which is defined by the Xen
Project community as a whole.

We are a public hosting provider, offering Xen based VPS services to
Australian ecommerce stores. We offer Xen services at
www.mdg-it.com.au. All of our VPS offerings are currently Xen
based. A link to our public web pages with rates appears below:

We looked at that web page, but it does not mention Xen as far as we
can see. The policy requires information ...

... from which it is immediately evident that [the eligible
services] use Xen.

Also, the policy requires:

* Your invitation to members of the public, who discover security
problems with your products/services, to report them in confidence
to you;

* Specifically, the contact information (email addresses or
other contact instructions) which such a member of the public
should use.

We did not see that invitation on the nominated web page.

Please let us know if there is some other web page(s) we should be
looking at for this information, or if we seem to have made a mistake,
or if you have updated the page(s) and would like us to reconsider
your application.

Regards,
Ian.
(on behalf of the Xen Project Security Team.)
 

_______________________________________________
Predisclosure-applications mailing list
Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/predisclosure-applications

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.