
Re: [Predisclosure-applications] DornerWorks Application for the pre-disclosure list



Hi.  We found this request languishing and discovered that we had
prepared a reply in June but not sent it.  Very sorry for the delay.

Anyway, here is the reply we prepared.  We haven't double-checked that
the things we say in it are still true, so if something has changed
please let us know.  And, feel free to chase us if you don't get a
reply.

Regards,
Ian.


Stewart Hildebrand via RT writes ("[predisclosure-applications #579] 
[Predisclosure-applications] DornerWorks Application for the pre-disclosure 
list"):
> I am hoping to add DornerWorks to the pre-disclosure list.

Hi, thanks.  All of this looks in order, except for one thing:

> 8. Information about your handling of security problems:
> ========================================================
>     * Your invitation to members of the public, who discover security 
> problems with your products/services, to report them in confidence to you;
>     * Specifically, the contact information (email addresses or other contact 
> instructions) which such a member of the public should use.
> Security issues are reported via the "contact us" page 
> https://dornerworks.com/contact-us

We looked at that page and it does not appear to contain an:

  "invitation to members of the public, who discover security problems
  with your products/services, to report them in confidence to you"

as the policy requires.

Furthermore, it's a generic contact form, for people who want to
"Learn more about what DornerWorks can do for you", i.e. a marketing
contact form.  People who are trying to report a security problem
ought not to find that they get put on a marketing mailing list or
that their enquiry is used for lead generation.

We don't have discretion to waive this requirement.

We look forward to your resubmission with the required information.


Thanks,
Ian.
(on behalf of the Xen Project Security Team.)

_______________________________________________
Predisclosure-applications mailing list
Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/predisclosure-applications

 

