Clarify the scope of the process to just the hypervisor project

Other projects are handled on a best effort basis by the project lead
with the assistance of the security team.

See <20448.49637.38489.246434@mariner.uk.xensource.com>, section
    "9. Vulnerability process scope"

diff --git a/security_vulnerability_process.html b/security_vulnerability_process.html
index 0557556f2802310f65998e74ec25aeb83b4f679a..70356c65be32e1f1dfa864936839ebeb90c91678 100644 (file)
--- a/security_vulnerability_process.html
+++ b/security_vulnerability_process.html
@@ -77,6 +77,9 @@ if(ns4)_d.write("<scr"+"ipt type=text/javascript src=/globals/mmenuns4.js><\/scr
     will treat with respect the requests of discoverers, or other vendors, who
     report problems to us.</p>
 
+    <h2>Scope of this process</h2>
+    <p>This process primarily covers the <a href="http://www.xen.org/products/xenhyp.html">Xen Hypervisor Project</a>. Vulnerabilties reported against other Xen.org projects will be handled on a best effort basis by the relevant Project Lead together with the security team.</p>
+
     <h2>Specific process</h2>
     <ol type="1">
     <li><p>We request that anyone who discovers a vulnerability in xen.org