Date: Mon, 25 Jun 2012 13:30:06 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: security@....org
Subject: Xen vulnerability disclosure process, recent timeline

Hi,

Here's a surprisingly detailed posting on Xen's vulnerability disclosure
process and how the recent set of issues was handled (detailed timeline):

http://lists.xen.org/archives/html/xen-devel/2012-06/msg01072.html

As always, this is all about tradeoffs, and many of the issues sound
very familiar - yet I appreciate this level of transparency.

Regarding Xen's "pre-disclosure list", are messages on it PGP-encrypted
to the recipients?  Perhaps this should be made a requirement and
mentioned at

http://www.xen.org/projects/security_vulnerability_process.html

It feels likely that in practice most leaks will be via means unaffected
by the use of encryption, yet using PGP encryption is worthwhile.

Alexander