Re: [Publicity] [blog post draft] Security vs features

The publicity received by Xen security disclosures is a testament to Xen's global, mission-critical operational role and the resulting high expectations of developers and administrators. As seen in the aftermath of high-profile security disclosures by other OSS projects, public input can lead to new contributions and long-term improvement.

It would be useful to highlight the previous community input which led to the disclosure process, code audits that showcased static analysis tool vendors and security research firms, and the recent design review process for new features. Those processes were developed in public and will yield dividends for years to come.

Can the blog post include a call to action, e.g.

* Are there existing Xen developers who need external funding to work on a security wishlist?
* How can the community receive public input to improve the design review process for the security implications of new features? E.g. maintain a public list with best-of-breed examples of security-conscious OSS design reviews.
* Does the community have a security roadmap which needs new developers or attention from academic researchers? A prioritized list of past features which would benefit from new, security-oriented design reviews?
* How can past security contributions be highlighted and promoted, to incentivize new contributions from the vendor and developer communities?
* Is a public xen-security-devel list needed, to aggregate security expertise which can be pulled into threads on the xen-devel list, as needed?
* Where should new developers and donors go to contribute?

Rich