Add headings

author Ian Jackson <ijackson@chiark.greenend.org.uk>

Fri, 16 Jan 2015 19:50:35 +0000 (19:50 +0000)

committer Ian Jackson <Ian.Jackson@eu.citrix.com>

Mon, 19 Jan 2015 15:07:38 +0000 (15:07 +0000)
author Ian Jackson <ijackson@chiark.greenend.org.uk>
Fri, 16 Jan 2015 19:50:35 +0000 (19:50 +0000)
committer Ian Jackson <Ian.Jackson@eu.citrix.com>
Mon, 19 Jan 2015 15:07:38 +0000 (15:07 +0000)
diff --git a/security_vulnerability_process.html b/security_vulnerability_process.html

index 4ed0042b9ef15971a47f2cb60ab558511afcc0e0..010cf769f0dccbe3f464ece3fd645e03827d614f 100644 (file)
--- a/security_vulnerability_process.html
+++ b/security_vulnerability_process.html
@@ -186,6 +186,7 @@ addresses.)</p>
  of the advisory and patches, with a clearly marked embargo date, as
  soon as they are available. The pre-disclosure list will also receive
  copies of public advisories when they are first issued or updated</p>
+<h3>Handling of embargoed information</h3>
  <p>Organizations on the pre-disclosure list are expected to maintain
  the confidentiality of the vulnerability up to the embargo date which
  security@xenproject have agreed with the discoverer, and are
@@ -214,6 +215,7 @@ following:</p>
  <p><em>NOTE:</em> Prior v2.2 of this policy (25 June 2014) it was
  permitted to also make available the allocated CVE number. This is no
  longer permitted in accordance with MITRE policy.</p>
+<h3>Predisclosure list membership application process</h3>
  <p>Organisations who meet the criteria should contact
  security@xenproject if they wish to receive pre-disclosure of
  advisories. Please include in the e-mail:</p>
author	Ian Jackson <ijackson@chiark.greenend.org.uk>
	Fri, 16 Jan 2015 19:50:35 +0000 (19:50 +0000)
committer	Ian Jackson <Ian.Jackson@eu.citrix.com>
	Mon, 19 Jan 2015 15:07:38 +0000 (15:07 +0000)