[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH v2 SECURITY-POLICY 2/9] Add headings

To: <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Ian Jackson <ijackson@xxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 23 Jan 2015 19:31:13 +0000
Cc: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>, Ian Jackson <ijackson@xxxxxxxxxxxxxxxxxxxxxx>
Delivery-date: Fri, 23 Jan 2015 19:31:51 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

 - For Predisclosure list application process
 - For Handling of embargoed information"

No semantic change.

Signed-off-by: Ian Jackson <ijackson@xxxxxxxxxxxxxxxxxxxxxx>
Signed-off-by: Ian Jackson <Ian.Jackson@xxxxxxxxxxxxx>
---
 security_vulnerability_process.html |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/security_vulnerability_process.html 
b/security_vulnerability_process.html
index 4ed0042..010cf76 100644
--- a/security_vulnerability_process.html
+++ b/security_vulnerability_process.html
@@ -186,6 +186,7 @@ addresses.)</p>
 of the advisory and patches, with a clearly marked embargo date, as
 soon as they are available. The pre-disclosure list will also receive
 copies of public advisories when they are first issued or updated</p>
+<h3>Handling of embargoed information</h3>
 <p>Organizations on the pre-disclosure list are expected to maintain
 the confidentiality of the vulnerability up to the embargo date which
 security@xenproject have agreed with the discoverer, and are
@@ -214,6 +215,7 @@ following:</p>
 <p><em>NOTE:</em> Prior v2.2 of this policy (25 June 2014) it was
 permitted to also make available the allocated CVE number. This is no
 longer permitted in accordance with MITRE policy.</p>
+<h3>Predisclosure list membership application process</h3>
 <p>Organisations who meet the criteria should contact
 security@xenproject if they wish to receive pre-disclosure of
 advisories. Please include in the e-mail:</p>
-- 
1.7.10.4


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

References:
- [Xen-devel] [PATCH SECURITY-POLICY 0/9] Re: Security policy ambiguities - XSA-108 process post-mortem
  - From: Ian Jackson
- [Xen-devel] [PATCH v2 SECURITY-POLICY 0/9] Security policy ambiguities - XSA-108 process post-mortem
  - From: Ian Jackson

Prev by Date: [Xen-devel] [PATCH v2 SECURITY-POLICY 3/9] Deployment with Security Team Permission
Next by Date: [Xen-devel] [PATCH v2 SECURITY-POLICY 0/9] Security policy ambiguities - XSA-108 process post-mortem
Previous by thread: [Xen-devel] [PATCH v2 SECURITY-POLICY 3/9] Deployment with Security Team Permission
Next by thread: [Xen-devel] [PATCH v2 SECURITY-POLICY 6/9] Explicitly permit within-list information sharing during embargo
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.