- For Predisclosure list application process - For Handling of embargoed information"
No semantic change. Signed-off-by: Ian Jackson <ijack...@chiark.greenend.org.uk> Signed-off-by: Ian Jackson <ian.jack...@eu.citrix.com> --- security_vulnerability_process.html | 2 ++ 1 file changed, 2 insertions(+) diff --git a/security_vulnerability_process.html b/security_vulnerability_process.html index 4ed0042..010cf76 100644 --- a/security_vulnerability_process.html +++ b/security_vulnerability_process.html @@ -186,6 +186,7 @@ addresses.)</p> of the advisory and patches, with a clearly marked embargo date, as soon as they are available. The pre-disclosure list will also receive copies of public advisories when they are first issued or updated</p> +<h3>Handling of embargoed information</h3> <p>Organizations on the pre-disclosure list are expected to maintain the confidentiality of the vulnerability up to the embargo date which security@xenproject have agreed with the discoverer, and are @@ -214,6 +215,7 @@ following:</p> <p><em>NOTE:</em> Prior v2.2 of this policy (25 June 2014) it was permitted to also make available the allocated CVE number. This is no longer permitted in accordance with MITRE policy.</p> +<h3>Predisclosure list membership application process</h3> <p>Organisations who meet the criteria should contact security@xenproject if they wish to receive pre-disclosure of advisories. Please include in the e-mail:</p> -- 1.7.10.4 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
