Discuss post-embargo disclosure of potentially controversial private decisions

author Ian Campbell <ian.campbell@citrix.com>

Thu, 16 Aug 2012 14:45:06 +0000 (15:45 +0100)

committer Ian Campbell <ian.campbell@citrix.com>

Thu, 23 Aug 2012 11:29:23 +0000 (12:29 +0100)
author Ian Campbell <ian.campbell@citrix.com>
Thu, 16 Aug 2012 14:45:06 +0000 (15:45 +0100)
committer Ian Campbell <ian.campbell@citrix.com>
Thu, 23 Aug 2012 11:29:23 +0000 (12:29 +0100)
diff --git a/security_vulnerability_process.html b/security_vulnerability_process.html

index 70356c65be32e1f1dfa864936839ebeb90c91678..b8ce69d0d9a57e03a4076a6833fbeba19b0e2773 100644 (file)
--- a/security_vulnerability_process.html
+++ b/security_vulnerability_process.html
@@ -147,6 +147,18 @@ if(ns4)_d.write("<scr"+"ipt type=text/javascript src=/globals/mmenuns4.js><\/scr
         public advisory.  This will also be sent to the pre-disclosure
         list.</p>
      </li>
+
+    <li><p><b>Post embargo transparency:</b></p>
+    <p>During an embargo period the Xen.org security response team may
+    be required to make potentially controverial decisions in private,
+    since they cannot confer with the community without breaking the
+    embargo. The security team will attempt to make such decisions
+    following the guidance of this document and where necessary their
+    own best judgement. Following the embargo period any such
+    decisions will be disclosed to the community in the interests of
+    transparency and to help provide guidance should a similar
+    decision be required in the future.</p>
+    </li>
      </ol>
      
      <h2>Embargo and disclosure schedule</h2>
author	Ian Campbell <ian.campbell@citrix.com>
	Thu, 16 Aug 2012 14:45:06 +0000 (15:45 +0100)
committer	Ian Campbell <ian.campbell@citrix.com>
	Thu, 23 Aug 2012 11:29:23 +0000 (12:29 +0100)