From: Ian Campbell <ian.campbell@citrix.com>
Date: Thu, 16 Aug 2012 14:27:00 +0000 (+0100)
Subject: Clarify the scope of the process to just the hypervisor project
X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=0088ddf303e206ea7c9dd3356cc4612ab2562e35;p=people%2Flarsk%2Fsecurity-process.git

Clarify the scope of the process to just the hypervisor project

Other projects are handled on a best effort basis by the project lead
with the assistance of the security team.

See <20448.49637.38489.246434@mariner.uk.xensource.com>, section
    "9. Vulnerability process scope"
---

diff --git a/security_vulnerability_process.html b/security_vulnerability_process.html
index 0557556..70356c6 100644
--- a/security_vulnerability_process.html
+++ b/security_vulnerability_process.html
@@ -77,6 +77,9 @@ if(ns4)_d.write("<scr"+"ipt type=text/javascript src=/globals/mmenuns4.js><\/scr
     will treat with respect the requests of discoverers, or other vendors, who
     report problems to us.</p>
 
+    <h2>Scope of this process</h2>
+    <p>This process primarily covers the <a href="http://www.xen.org/products/xenhyp.html">Xen Hypervisor Project</a>. Vulnerabilties reported against other Xen.org projects will be handled on a best effort basis by the relevant Project Lead together with the security team.</p>
+
     <h2>Specific process</h2>
     <ol type="1">
     <li><p>We request that anyone who discovers a vulnerability in xen.org