Xen project Mailing List

Re: [Predisclosure-applications] Predisclosure application for HostPapa

To: "Stratful, Vince" <vince@xxxxxxxxxxxx>, <predisclosure-applications@xxxxxxxxxxxxxxxxxxxx>

From: George Dunlap <george.dunlap@xxxxxxxxxx>

Date: Tue, 4 Apr 2017 14:28:40 +0100

Delivery-date: Tue, 04 Apr 2017 13:29:04 +0000

List-id: Applications for membership of Xen Security Advisories Pre-disclosure List <predisclosure-applications.lists.xenproject.org>

On 24/03/17 15:21, Stratful, Vince wrote: > Hi all, > > My name is Vince Stratful, I'm the CTO for HostPapa. We sell VPS' to end > users using Xen via http://www.hostpapa.com, .ca, .co.uk, etc. > > I believe HostPapa fits the predisclosure criteria because we're a hosting > company that uses Xen to provide our services. Not all of our products > utilize Xen, but we do exclusively use Xen for our VPS products. > > Evidence of our status as a hosting services provider: > https://www.hostpapa.com/web-hosting-plan/vps-hosting/ > > Evidence of our status as a user of Xen: > https://www.hostpapa.com/web-hosting-plan/vps-hosting/ - in the "Managed > VPS" hover in each of the plan descriptions we mention that Xen is used as > our hypervisor. > https://www.hostpapa.com/web-hosting-plan/vps-hosting/detailed-specs/ - on > our detailed-specs break down, we mention Xen again. > > Information about our security policies: > Not publicly available, in our support center clients are given multiple > avenues to contact us regarding security and abuse issues. > > Security contact address: > security@xxxxxxxxxxxx > > I have read the policy located at https://www.xenproject.org/ > security-policy.html in full and agree to abide by the terms for inclusion > in the list. I understand that discretion and confidentiality during an > embargo period is of the utmost importance. Vince, Thanks for your application. Nearly everything looks to be in order, except for one item from the XenProject Security Policy: "Your invitation to members of the public, who discover security problems with your products/services, to report them in confidence to you" The policy says that the invitation must be to "members of the public", not customers. This means that there must at least an invitation on some publicly accessible web page; so you do not (yet) meet the criteria. You might consider, for instance, adding a section to https://www.hostpapa.com/about-hostpapa/ about reporting security problems. Hope to hear from you again soon. Thanks, -George Dunlap on behalf of the XenProject Security Team _______________________________________________ Predisclosure-applications mailing list Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/cgi-bin/mailman/listinfo/predisclosure-applications

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.