|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Predisclosure-applications] Application for the predisclosure list
Remy van Elst writes ("[Predisclosure-applications] Application for the
predisclosure list"):
> I'm writing on behalf of my company with the request to be added to
> the pre-disclosure list. I've filled in the information on the
> security policy page here below.
Hi. Thanks for your mail.
We are sorry to say that your application did not contain all the required
information. We are not permitted to waive the requirements of the the Xen
Project Security Policy which is defined by the Xen Project community as a
whole.
> Information about your handling of security problems:
> Your invitation to members of the public, who discover security
> problems with your products/services, to report them in confidence to you;
>
> Specifically, the contact information (email addresses or
> other contact instructions) which such a member of the public should
> use.
>
> There is no specific responsible disclosure page, but
> our contact data is listed here, including email and telephone:
>
> http://www.cloudvps.com/contact
I'm afraid that the policy requires us to look for
Your invitation to members of the public, who discover security
problems with your products/services, to report them in confidence
to you
As far as we can see, the general contact page you mentioned does not
contain such an invitation.
Everything else about your application appears to be satisfactory, so
if you could point us to that "invitation to members of the public"
page, we would be happy to process your application.
Regards,
Ian
(on behalf of the Xen Project Security Team)
_______________________________________________
Predisclosure-applications mailing list
Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/cgi-bin/mailman/listinfo/predisclosure-applications
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |