From mboxrd@z Thu Jan 1 00:00:00 1970
From: Ian Jackson
Subject: [PATCH v2 SECURITY-POLICY 2/9] Add headings
Date: Fri, 23 Jan 2015 19:31:13 +0000
Message-ID: <1422041480-1164-3-git-send-email-ijackson@chiark.greenend.org.uk>
References: <21689.27383.339939.319567@chiark.greenend.org.uk>
<1422041480-1164-1-git-send-email-ijackson@chiark.greenend.org.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path:
Received: from mail6.bemta3.messagelabs.com ([195.245.230.39])
by lists.xen.org with esmtp (Exim 4.72)
(envelope-from ) id 1YEjxD-00079m-Qe
for xen-devel@lists.xenproject.org; Fri, 23 Jan 2015 19:31:39 +0000
In-Reply-To: <1422041480-1164-1-git-send-email-ijackson@chiark.greenend.org.uk>
List-Unsubscribe: ,
List-Post:
List-Help:
List-Subscribe: ,
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: xen-devel@lists.xenproject.org
Cc: Ian Jackson , Ian Jackson
List-Id: xen-devel@lists.xenproject.org
- For Predisclosure list application process
- For Handling of embargoed information"
No semantic change.
Signed-off-by: Ian Jackson
Signed-off-by: Ian Jackson
---
security_vulnerability_process.html | 2 ++
1 file changed, 2 insertions(+)
diff --git a/security_vulnerability_process.html b/security_vulnerability_process.html
index 4ed0042..010cf76 100644
--- a/security_vulnerability_process.html
+++ b/security_vulnerability_process.html
@@ -186,6 +186,7 @@ addresses.)
of the advisory and patches, with a clearly marked embargo date, as
soon as they are available. The pre-disclosure list will also receive
copies of public advisories when they are first issued or updated
+Handling of embargoed information
Organizations on the pre-disclosure list are expected to maintain
the confidentiality of the vulnerability up to the embargo date which
security@xenproject have agreed with the discoverer, and are
@@ -214,6 +215,7 @@ following:
NOTE: Prior v2.2 of this policy (25 June 2014) it was
permitted to also make available the allocated CVE number. This is no
longer permitted in accordance with MITRE policy.
+Predisclosure list membership application process
Organisations who meet the criteria should contact
security@xenproject if they wish to receive pre-disclosure of
advisories. Please include in the e-mail:
--
1.7.10.4