George Dunlap writes ("[Xen-devel] RFC: Adding a section to the Xen security 
policy about what constitutes a vulnerability"):
> If a bug requires a vulnerable operating system to be exploitable, the
> Xen Security Team will pro-actively investigate the vulnerability of
> the following open-source operating systems: Linux, OpenBSD, FreeBSD,
> and NetBSD.  The security team may also test or otherwise investigate
> the vulnerability of some proprietary operating systems.

I like this whole document.


I think the paragraph I quote above is the most difficult but it
strikes the right balance between what we can promise and what we
would like to deliver.


Xen-devel mailing list

Reply via email to