[Xen-devel] Security support scope (apropos of Xen and CNA)

To become a CNA (CVE Numbering Authority), which we would like to do, we need to provide MITRE's CNA programme with a definition of the scope of our CNA. That should be the scope of our general security support, clearly.

At the moment we don't seem to have this written down in a single clear document. I am aware of the following places which can contain information about security support (normally, in the form of statements saying that certain things are not supported):

* https://wiki.xenproject.org/wiki/Xen_Project_Release_Features has a table of versions with security support, and information about some features.

* xen.git:docs/misc/qemu-xen-security, limits security support to some configurations.

* xen.git:MAINTAINERS might in principle have a status not implying security support.

* Docs for an individual feature (eg in xl docs) might say that the feature is not advised, or not supported, or something.

* Previous XSA advisories might withdraw support.

This diversity of information sources is rather unsatisfactory. I think we need to at least reduce the number of different information sources. Also we need an overview document which points to them all.

Where should this overview document be? Which of the above sources should be coalesced into which others?

Ian.

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
https://lists.xen.org/xen-devel