Jan Beulich writes ("Re: [Xen-devel] RFC: Adding a section to the Xen security
policy about what constitutes a vulnerability"):
> "If a bug requires a vulnerable operating system to be exploitable, the
> Xen Security Team will pro-actively investigate the vulnerability of
> the following open-source operating systems: Linux, OpenBSD, FreeBSD,
> and NetBSD. The security team will also test or otherwise investigate
> the vulnerability of supported Windows versions, and it may also do so
> for some other proprietary operating systems."
I don't think we can promise to come up with a definitely conclusion
for any proprietary system, can we ? Answering such a question for
Windows is not within our power because we don't have the source code.
The question, which the above text leaves unclear, is, what do we do
if we aren't sure whether there are configurations of Windows which
have the exposed behaviour.
Ian.
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.xen.org
https://lists.xen.org/xen-devel
