Xen project Mailing List

Re: [Predisclosure-applications] DornerWorks Application for the pre-disclosure list

To: Stewart Hildebrand <Stewart.Hildebrand@xxxxxxxxxxxxxxx>

From: Ian Jackson <ian.jackson@xxxxxxxxxx>

Date: Thu, 31 Jan 2019 11:57:27 +0000

Cc: "predisclosure-applications@xxxxxxxxxxxxxxxxxxxx" <predisclosure-applications@xxxxxxxxxxxxxxxxxxxx>

Delivery-date: Thu, 31 Jan 2019 11:57:38 +0000

List-id: Applications for membership of Xen Security Advisories Pre-disclosure List <predisclosure-applications.lists.xenproject.org>

Hi. We found this request languishing and discovered that we had prepared a reply in June but not sent it. Very sorry for the delay. Anyway, here is the reply we prepared. We haven't double-checked that the things we say in it are still true, so if something has changed please let us know. And, feel free to chase us if you don't get a reply. Regards, Ian. Stewart Hildebrand via RT writes ("[predisclosure-applications #579] [Predisclosure-applications] DornerWorks Application for the pre-disclosure list"): > I am hoping to add DornerWorks to the pre-disclosure list. Hi, thanks. All of this looks in order, except for one thing: > 8. Information about your handling of security problems: > ======================================================== > * Your invitation to members of the public, who discover security > problems with your products/services, to report them in confidence to you; > * Specifically, the contact information (email addresses or other contact > instructions) which such a member of the public should use. > Security issues are reported via the "contact us" page > https://dornerworks.com/contact-us We looked at that page and it does not appear to contain an: "invitation to members of the public, who discover security problems with your products/services, to report them in confidence to you" as the policy requires. Furthermore, it's a generic contact form, for people who want to "Learn more about what DornerWorks can do for you", ie a marketing contact form. People who are trying to report a security problem ought not to find that they get put on a marketing mailing list or that their enquiry is used for lead generation. We don't have discretion to waive this requirement. We look forward to your resubmission with the required information. Thanks, Ian. (on behalf of the Xen Project Security Team.) _______________________________________________ Predisclosure-applications mailing list Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx https://lists.xenproject.org/mailman/listinfo/predisclosure-applications

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.