Security vulnerability disclosure process accepted

By June 17, 2013 March 4th, 2019 Uncategorized

Last week the proposed changes to the security policy were approved unanimously by the Xen committers; the policy has been updated accordingly.
What this means is that now if you are “public hosting provider”, “vendor of Xen-based system”, or a “distributor of operating systems with Xen support”, regardless of your size, you may be eligible to join the pre-disclosure list. Please see the security policy for details on eligibility and how to apply.
It also means that if you are currently on the list, you will be asked to come in line with the changes to the policy: namely, to have a security alias for your organization rather than an individual, and to send a statement saying that you have read this policy and will abide by it.