Xen project Mailing List

[Predisclosure-applications] Application for the pre-disclosure list

To: predisclosure-applications@xxxxxxxxxxxxxxxxxxxx

From: Mihai Donțu <mdontu@xxxxxxxxxxxxxxx>

Date: Tue, 20 Dec 2016 05:15:54 +0200

Delivery-date: Tue, 20 Dec 2016 03:16:04 +0000

List-id: Applications for membership of Xen Security Advisories Pre-disclosure List <predisclosure-applications.lists.xenproject.org>

Hi, I am writing on behalf of Bitdefender with the hope of adding our company to the pre-disclusure list. 1. Organization =============== Bitdefender SRL: http://www.bitdefender.com/business/ 24, Delea Veche Street, Office Building A, 7th floor, 2nd district, Bucharest, Romania 2. Domain name providing Xen-based services =========================================== N/A, though our cloud service runs on top of AWS https://gravityzone.bitdefender.com/ 3. Brief description ==================== Bitdefender provides security solutions integrating with various virtualization platforms, including XenServer. Our latest product - Bitdefender HVI - is tightly connected with the xen hypervisor via the VM event (mem_access) subsystem, also known as Citrix XenServer Direct Inspect API. Inclusion in the pre-disclosure list would make us eligible for receiving Citrix XenServer security updates ahead of time (binary and source) in order to ensure a bug/regression-free experience for our customers. 4. Products using Xen ===================== Bitdefender GravityZone - Security for Virtualized Environments http://www.bitdefender.com/business/virtualization-security.html Bitdefender GravityZone - HVI http://www.bitdefender.com/business/hypervisor-introspection.html 5. Links to public web pages ============================ Bitdefender GravityZone SVE (includes XenServer support) http://www.bitdefender.com/business/virtualization-security.html Bitdefender GravityZone HVI (XenServer-based) http://www.bitdefender.com/business/hypervisor-introspection.html Documentation mentioning XenServer support: http://download.bitdefender.com/resources/media/materials/virtualized-environments/en/Bitdefender-2015-NGZ-SecurityForVirtualEnviro-DS-70574-A4-en_EN-web.pdf Security issues are reported to support@xxxxxxxxxxxxxxx or security@xxxxxxxxxxxxxxx We also run a dedicated bugbounty program: http://www.bitdefender.com/site/view/bug-bounty.html Published articles as part of Xen Project: https://blog.xenproject.org/2015/08/04/the-bitdefender-virtual-machine-introspection-library-is-now-on-github/ https://events.linuxfoundation.org/sites/events/files/slides/Zero-Footprint%20Guest%20Memory%20Introspection%20from%20Xen%20_%20draft11.pdf Assigned XSA-s: https://xenbits.xen.org/xsa/advisory-105.html https://xenbits.xen.org/xsa/advisory-106.html https://xenbits.xen.org/xsa/advisory-116.html 6. Xen Project Security Policy Agreement ======================================== I and the members of our security team have read the Xen Project security policy agreement[1] and agree to abide terms for inclusion in pre-disclosure list. [1] https://www.xenproject.org/security-policy.html 7. Non-personal email address ============================= xen@xxxxxxxxxxxxxxx Thank you, -- Mihai DONȚU _______________________________________________ Predisclosure-applications mailing list Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/cgi-bin/mailman/listinfo/predisclosure-applications

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.