
Re: [Publicity] [blog post draft] Security vs features



Rich,
the post is long enough. I think we should cover this in a follow-up, which I 
volunteer for.
Lars

> On 30 Oct 2015, at 14:43, Rich Persaud <persaur@xxxxxxxxx> wrote:
> 
> The publicity received by Xen security disclosures is a testament to Xen's 
> global, mission-critical operational role and the resulting high expectations 
> of developers and administrators.  As seen in the aftermath of high-profile 
> security disclosures by other OSS projects, public input can lead to new 
> contributions and long-term improvement.
> 
> It would be useful to highlight the previous community input which led to 
> the disclosure process, code audits that showcased static analysis tool 
> vendors and security research firms, and the recent design review process for 
> new features. Those processes were developed in public and will yield 
> dividends for years to come.
> 
> Can the blog post include a call to action, e.g.
> 
> * Are there existing Xen developers who need external funding to work on a 
> security wishlist?  
> 
> * How can the community receive public input to improve the design review 
> process for the security implications of new features?   E.g. maintain a 
> public list with best-of-breed examples of security-conscious OSS design 
> reviews.
> 
> * Does the community have a security roadmap which needs new developers or 
> attention from academic researchers?  A prioritized list of past features 
> which would benefit from new, security-oriented design reviews?
> 
> * How can past security contributions be highlighted and promoted, to 
> incentivize new contributions from the vendor and developer communities?
> 
> * Is a public xen-security-devel list needed, to aggregate security expertise 
> which can be pulled into threads on the xen-devel list, as needed?
> 
> * Where should new developers and donors go to contribute?
> 
> Rich


_______________________________________________
Publicity mailing list
Publicity@xxxxxxxxxxxxxxxxxxxx
http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity
