
Re: [Predisclosure-applications] DornerWorks Application for the pre-disclosure list



On Thursday, January 31, 2019 6:57 AM, Ian Jackson <ian.jackson@xxxxxxxxxx> 
wrote:
>Hi.  We found this request languishing and discovered that we had
>prepared a reply in June but not sent it.  Very sorry for the delay.
>
>Anyway, here is the reply we prepared.  We haven't double-checked that
>the things we say in it are still true, so if something has changed
>please let us know.  And, feel free to chase us if you don't get a
>reply.
>
>Regards,
>Ian.
>
>
>Stewart Hildebrand via RT writes ("[predisclosure-applications #579] 
>[Predisclosure-applications] DornerWorks Application for the pre-
>disclosure list"):
>> I am hoping to add DornerWorks to the pre-disclosure list.
>
>Hi, thanks.  All of this looks in order, except for one thing:
>
>> 8. Information about your handling of security problems:
>> ========================================================
>>     * Your invitation to members of the public, who discover security 
>> problems with your products/services, to report them in confidence to you;
>>     * Specifically, the contact information (email addresses or other 
>> contact instructions) which such a member of the public should use.
>> Security issues are reported via the "contact us" page 
>> https://dornerworks.com/contact-us
>
>We looked at that page and it does not appear to contain an:
>
>  "invitation to members of the public, who discover security problems
>  with your products/services, to report them in confidence to you"
>
>as the policy requires.
>
>Furthermore, it's a generic contact form, for people who want to
>"Learn more about what DornerWorks can do for you", ie a marketing
>contact form.  People who are trying to report a security problem
>ought not to find that they get put on a marketing mailing list or
>that their enquiry is used for lead generation.
>
>We don't have discretion to waive this requirement.
>
>We look forward to your resubmission with the required information.

We have added the verbiage "Email xensecurity@xxxxxxxxxxxxxxx to report a Xen 
security issue" to the contact page https://dornerworks.com/contact-us

Thanks,
Stewart Hildebrand
DornerWorks, Ltd

>
>Thanks,
>Ian.
>(on behalf of the Xen Project Security Team.)

_______________________________________________
Predisclosure-applications mailing list
Predisclosure-applications@xxxxxxxxxxxxxxxxxxxx
https://lists.xenproject.org/mailman/listinfo/predisclosure-applications

 

