[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Follow-up on ANSSI request to join Xen predisclosure list

Dear George,


I am looping on my colleagues request to join this pre-disclosure mailing list on Xen vulnerabilities. To give more context on this request, ANSSI mission is to defend and protect French Ministries and French Critical National Infrastructure Companies (CND operations), and for this purpose is hosting the French Governmental & National CERT: the CERT-FR. For our beneficiaries, we are monitoring and alerting on new vulnerabilities which might affects them, information are publicly available on this page:  https://www.cert.ssi.gouv.fr/.  


ANSSI is not directly using Xen products, however many of our beneficiaries are using them, and so an early warning on new vulnerabilities could help us to prepare our communications and advices.


I hope this clarify the request, please find below the information requested:

·         The name of your organization: Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI)

·         Domain name(s) which you use to provide Xen software/services: as explain above we are not directly using Xen products, however our domain is ssi.gouv.fr

·         A brief description of why you fit the criteria: ANSSI beneficiaries are users of Xen products (French administration and French critical infrastructure operators) and ANSSI mission is to protect those entities

·         Link(s) to current public web pages, belonging to your organisation, for each of following pieces of information: not applicable (however more information on ANSSI mandate can be found here: https://www.ssi.gouv.fr/en/mission/what-we-do/)

·         Statements about, or descriptions of, your eligible production services or released software, from which it is immediately evident that they use Xen: Not applicable

·         Information about your handling of security problems: security vulnerabilities can be reported to cert-fr.cossi@xxxxxxxxxxx   (Ref: article 47, Loi pour une République numérique n° 2016-1321 du 7 octobre 2016), details are available here: https://www.cert.ssi.gouv.fr/contact/

·         A statement to the effect that you have read this policy and agree to abide by the terms for inclusion in the list, specifically the requirements to regarding confidentiality during an embargo period: we confirm that we have read the policy and associated information related to the embargo period, as a national cyberdefense agency we are used to handle classified and sensitive information

·         The single (non-personal) email alias you wish added to the predisclosure list: vulnerabilite@xxxxxxxxxxx


Thank you for your assistance and we are available if you need more information on this request.


Best regards,





Coordinateur des partenaires du secteur privé / Operational partners management
Sous-direction Opérations / Cybersecurity Operation Center
Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) / French National Cybersecurity Agency

Mail : julien.masson@xxxxxxxxxxx



Les données à caractère personnel recueillies et traitées dans le cadre de cet échange, le sont à seule fin d’exécution d’une relation professionnelle et s’opèrent dans cette seule finalité et pour la durée nécessaire à cette relation. Si vous souhaitez faire usage de vos droits de consultation, de rectification et de suppression de vos données, veuillez contacter contact.rgpd@xxxxxxxxxxxxx. Si vous avez reçu ce message par erreur, nous vous remercions d’en informer l’expéditeur et de détruire le message. The personal data collected and processed during this exchange aims solely at completing a business relationship and is limited to the necessary duration of that relationship. If you wish to use your rights of consultation, rectification and deletion of your data, please contact: contact.rgpd@xxxxxxxxxxxxx. If you have received this message in error, we thank you for informing the sender and destroying the message.



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.