Loading…
This event has ended. Visit the official site or create your own event on Sched.
Thursday, July 13 • 16:35 - 17:35
Design Session: Loose ends for becoming a CNA (CVE Numbering Authorities) and other Security Team Operational Questions - Ian Jackson, Citrix & Lars Kurth, Citrix

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
The Xen Project has in-principle agreement to become a CVE Numbering Authority. However to do this, we need to define the scope of the CNA. A number of have worked on this, but we need some community inout.

Consolidate Security Coverage Documents
Consolidate security coverage documents where possible (we have a proposal). Specifically
  • Review the proposal (currently in a google doc - export attached) 
  • Review the scope (currently in a google doc) - this may involve clarifying the supported status of some components 

Once we have agreement, we basically just need to document the outcome, publish it and get the process started.

Other Operational Issues


Possible/Proposed Process Changes?

  • Bundling of issues / once every other week or monthly XSA publication?
  • Include maintainers on pre-disclosure when affected and not on security team 

Moderators
avatar for Lars Kurth

Lars Kurth

Director Open Source / Project Chairperson The Xen Project , Citrix
Lars Kurth is a highly effective, passionate community manager with strong experience of working with open source communities (Symbian, Symbian DevCo, Eclipse, GNU) and currently is the community manager for the Xen Project. Lars has 12 years of experience building and leading engineering... Read More →

Speakers
avatar for Ian Jackson

Ian Jackson

Xen Committer, Citrix
Ian is a longstanding contributor to the Xen Project, working for Citrix as Xen committer, maintainer, security team member, CI system owner, etc.  Ian's other interests include a strong connection to the Debian Project.



Thursday July 13, 2017 16:35 - 17:35
Valletta Conference Centre II

Attendees (1)