Thursday, July 13 • 16:35 - 17:35
Design Session: Loose ends for becoming a CNA (CVE Numbering Authorities) and other Security Team Operational Questions - Ian Jackson, Citrix & Lars Kurth, Citrix

The Xen Project has in-principle agreement to become a CVE Numbering Authority. However, to do this, we need to define the scope of the CNA. A number of people have worked on this, but we need some community input.

Consolidate Security Coverage Documents
Consolidate security coverage documents where possible (we have a proposal). Specifically:
  • Review the proposal (currently in a Google Doc - export attached)
  • Review the scope (currently in a Google Doc) - this may involve clarifying the supported status of some components

Once we have agreement, we basically just need to document the outcome, publish it and get the process started.

Other Operational Issues

Possible/Proposed Process Changes?

  • Bundling of issues / once every other week or monthly XSA publication?
  • Include maintainers on pre-disclosure when affected and not on security team 

Lars Kurth

Director, Citrix
Lars Kurth is a highly effective, passionate community manager with strong experience of working with open source communities (Symbian, Symbian DevCo, Eclipse, GNU) and currently is community manager for the Xen Project. Lars has 9 years of experience building and leading enginee...

Ian Jackson

Ian Jackson is a Xen committer and maintainer. He is the primary maintainer for osstest, the Xen Project's automated testing system. By day Ian works for Citrix as part of the Open Source Xen Project team. By night he is a longstanding contributor to the Debian Project, currently...

Thursday July 13, 2017 16:35 - 17:35
Valletta Conference Centre II
