Xen project Mailing List

Re: [Predisclosure-applications] Application for the pre-disclosure list

To: predisclosure-applications@xxxxxxxxxxxxxxxxxxxx

From: Mihai Donțu <mdontu@xxxxxxxxxxxxxxx>

Date: Tue, 21 Mar 2017 18:45:15 +0200

Delivery-date: Tue, 21 Mar 2017 16:45:30 +0000

List-id: Applications for membership of Xen Security Advisories Pre-disclosure List <predisclosure-applications.lists.xenproject.org>

Hi, On Tuesday 20 December 2016 05:15:54 Mihai Donțu wrote: > I am writing on behalf of Bitdefender with the hope of adding our > company to the pre-disclusure list. > > 1. Organization > =============== > > Bitdefender SRL: http://www.bitdefender.com/business/ > > 24, Delea Veche Street, Office Building A, 7th floor, 2nd district, > Bucharest, Romania > > 2. Domain name providing Xen-based services > =========================================== > > N/A, though our cloud service runs on top of AWS > https://gravityzone.bitdefender.com/ > > 3. Brief description > ==================== > > Bitdefender provides security solutions integrating with various > virtualization platforms, including XenServer. Our latest product - > Bitdefender HVI - is tightly connected with the xen hypervisor via the > VM event (mem_access) subsystem, also known as Citrix XenServer Direct > Inspect API. > > Inclusion in the pre-disclosure list would make us eligible for > receiving Citrix XenServer security updates ahead of time (binary and > source) in order to ensure a bug/regression-free experience for our > customers. > > 4. Products using Xen > ===================== > > Bitdefender GravityZone - Security for Virtualized Environments > http://www.bitdefender.com/business/virtualization-security.html > > Bitdefender GravityZone - HVI > http://www.bitdefender.com/business/hypervisor-introspection.html > > 5. Links to public web pages > ============================ > > Bitdefender GravityZone SVE (includes XenServer support) > http://www.bitdefender.com/business/virtualization-security.html > > Bitdefender GravityZone HVI (XenServer-based) > http://www.bitdefender.com/business/hypervisor-introspection.html > > Documentation mentioning XenServer support: > http://download.bitdefender.com/resources/media/materials/virtualized-environments/en/Bitdefender-2015-NGZ-SecurityForVirtualEnviro-DS-70574-A4-en_EN-web.pdf > > Security issues are reported to support@xxxxxxxxxxxxxxx or > security@xxxxxxxxxxxxxxx > > We also run a dedicated bugbounty program: > http://www.bitdefender.com/site/view/bug-bounty.html > > Published articles as part of Xen Project: > https://blog.xenproject.org/2015/08/04/the-bitdefender-virtual-machine-introspection-library-is-now-on-github/ > https://events.linuxfoundation.org/sites/events/files/slides/Zero-Footprint%20Guest%20Memory%20Introspection%20from%20Xen%20_%20draft11.pdf > > Assigned XSA-s: > https://xenbits.xen.org/xsa/advisory-105.html > https://xenbits.xen.org/xsa/advisory-106.html > https://xenbits.xen.org/xsa/advisory-116.html > > 6. Xen Project Security Policy Agreement > ======================================== > > I and the members of our security team have read the Xen Project > security policy agreement[1] and agree to abide terms for inclusion in > pre-disclosure list. > > [1] https://www.xenproject.org/security-policy.html > > 7. Non-personal email address > ============================= > > xen@xxxxxxxxxxxxxxx Sorry to push with this, but is there anything I can do to get the application unstuck? Thank you, -- Mihai DONȚU

Attachment: pgpWXFmqt6lRT.pgp
Description: OpenPGP digital signature

_______________________________________________ Predisclosure-applications mailing list Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/cgi-bin/mailman/listinfo/predisclosure-applications

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.