[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-announce] Security vulnerability process, and CVE-2012-0217



The Xen.org security response team is charged with implementing the
Xen security response process, the current version of which can be
found here:

    http://www.xen.org/projects/security_vulnerability_process.html

Over the past two months we on that team have been involved with
XSA-7 / CVE-2012-0217 and its various fallout.

During this exercise we have encountered some problems with the
process.  The process needs improvement.  Also, we have had to make
some difficult decisions.  We feel it is essential for keeping us
honest that we explain to the community what we did, and when.

A message starting this discussion has just been posted to the
xen-devel mailing list:
    http://lists.xen.org/archives/html/xen-devel/2012-06/msg01072.html

The outcome of this discussion will be a set of changes to be agreed
on and/or voted on using the existing Xen.org governance processes:
    http://www.xen.org/projects/governance.html

This discussion will take place on xen-devel.  We expect it to take
some weeks.  We welcome the views of everyone in the Xen community -
please come and have your say.

Thanks for your attention,
Ian.
on behalf of the Xen.org security response team

_______________________________________________
Xen-announce mailing list
Xen-announce@xxxxxxxxxxxxx
http://lists.xen.org/xen-announce


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.