Skip to content

Instantly share code, notes, and snippets.

View gist:5446082
<h1>Xen.org Security Problem Response Process</h1>
<h2>Introduction</h2>
<p>Computer systems have bugs. Currently recognised best practice for bugs
with security implications is to notify significant downstream users in
private; leave a reasonable interval for downstreams to respond and prepare
updated software packages; then make public disclosure.</p>
<p>We want to encourage people to report bugs they find to us. Therefore we
will treat with respect the requests of discoverers, or other vendors, who
report problems to us.</p>