Xen project Mailing List

Re: [Predisclosure-applications] Application for the predisclosure list

To: Ian Jackson <ian.jackson@xxxxxxxxxxxxx>, "predisclosure-applications@xxxxxxxxxxxxxxxxxxxx" <predisclosure-applications@xxxxxxxxxxxxxxxxxxxx>

From: Remy van Elst <remy@xxxxxxxxxxxx>

Date: Wed, 21 Dec 2016 13:58:45 +0000

Accept-language: en-US, nl-NL

Delivery-date: Wed, 21 Dec 2016 13:58:54 +0000

List-id: Applications for membership of Xen Security Advisories Pre-disclosure List <predisclosure-applications.lists.xenproject.org>

Thread-index: AQHSSYZuylJrbcTDv0GTDGDN95huHKDxpZaAgAAyMFuAILmWiA==

Thread-topic: [Predisclosure-applications] Application for the predisclosure list

Hi Ian, The Dutch version is online: http://www.cloudvps.nl/responsible-disclosure-beleid - including the email address. Since our primary target is The Netherlands and Belgium this covers most of our customers. ________________________________________ From: Remy van Elst Sent: Wednesday, November 30, 2016 7:13 PM To: Ian Jackson; predisclosure-applications@xxxxxxxxxxxxxxxxxxxx Subject: RE: [Predisclosure-applications] Application for the predisclosure list Hi Ian, Thank you for your time. I'll sort this out with our security officer and will get back to the list soon. Remy ________________________________________ From: Ian Jackson <ian.jackson@xxxxxxxxxxxxx> Sent: Wednesday, November 30, 2016 5:13 PM To: Remy van Elst Cc: predisclosure-applications@xxxxxxxxxxxxxxxxxxxx Subject: Re: [Predisclosure-applications] Application for the predisclosure list Remy van Elst writes ("[Predisclosure-applications] Application for the predisclosure list"): > I'm writing on behalf of my company with the request to be added to > the pre-disclosure list. I've filled in the information on the > security policy page here below. Hi. Thanks for your mail. We are sorry to say that your application did not contain all the required information. We are not permitted to waive the requirements of the the Xen Project Security Policy which is defined by the Xen Project community as a whole. > Information about your handling of security problems: > Your invitation to members of the public, who discover security > problems with your products/services, to report them in confidence to you; > > Specifically, the contact information (email addresses or > other contact instructions) which such a member of the public should > use. > > There is no specific responsible disclosure page, but > our contact data is listed here, including email and telephone: > > http://www.cloudvps.com/contact I'm afraid that the policy requires us to look for Your invitation to members of the public, who discover security problems with your products/services, to report them in confidence to you As far as we can see, the general contact page you mentioned does not contain such an invitation. Everything else about your application appears to be satisfactory, so if you could point us to that "invitation to members of the public" page, we would be happy to process your application. Regards, Ian (on behalf of the Xen Project Security Team) _______________________________________________ Predisclosure-applications mailing list Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/cgi-bin/mailman/listinfo/predisclosure-applications

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.