Re: [Predisclosure-applications] DornerWorks Application for the pre-disclosure list
On Thursday, January 31, 2019 6:57 AM, Ian Jackson <ian.jackson@xxxxxxxxxx>
wrote:
>Hi. We found this request languishing and discovered that we had
>prepared a reply in June but not sent it. Very sorry for the delay.
>
>Anyway, here is the reply we prepared. We haven't double-checked that
>the things we say in it are still true, so if something has changed
>please let us know. And, feel free to chase us if you don't get a
>reply.
>
>Regards,
>Ian.
>
>
>Stewart Hildebrand via RT writes ("[predisclosure-applications #579]
>[Predisclosure-applications] DornerWorks Application for the pre-
>disclosure list"):
>> I am hoping to add DornerWorks to the pre-disclosure list.
>
>Hi, thanks. All of this looks in order, except for one thing:
>
>> 8. Information about your handling of security problems:
>> ========================================================
>> * Your invitation to members of the public, who discover security
>> problems with your products/services, to report them in confidence to you;
>> * Specifically, the contact information (email addresses or other
>> contact instructions) which such a member of the public should use.
>> Security issues are reported via the "contact us" page
>> https://dornerworks.com/contact-us
>
>We looked at that page and it does not appear to contain an:
>
> "invitation to members of the public, who discover security problems
> with your products/services, to report them in confidence to you"
>
>as the policy requires.
>
>Furthermore, it's a generic contact form, for people who want to
>"Learn more about what DornerWorks can do for you", ie a marketing
>contact form. People who are trying to report a security problem
>ought not to find that they get put on a marketing mailing list or
>that their enquiry is used for lead generation.
>
>We don't have discretion to waive this requirement.
>
>We look forward to your resubmission with the required information.
We have added the verbiage "Email xensecurity@xxxxxxxxxxxxxxx to report a Xen
security issue" to the contact page https://dornerworks.com/contact-us
Thanks,
Stewart Hildebrand
DornerWorks, Ltd
>
>Thanks,
>Ian.
>(on behalf of the Xen Project Security Team.)
_______________________________________________
Predisclosure-applications mailing list
Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/predisclosure-applications