This is true but I can see her point of view as someone with a product that
is based on the open source core. There have been a lot of very drastic
changes that would cause someone with a product to have to do a significant
amount of re-engineering. Also how many different toolstacks have there
bee
> On 11 Nov 2015, at 11:36, Chris Laprise wrote:
>
> Hello...
>
> On 11/10/2015 05:52 AM, Lars Kurth wrote:
>> Hi everyone,
>>
>> firstly I wanted to thank everyone for raising this issue. I wanted to point
>> out that we are not talking about a security process here, but the
>> development
Hello...
On 11/10/2015 05:52 AM, Lars Kurth wrote:
Hi everyone,
firstly I wanted to thank everyone for raising this issue. I wanted to
point out that we are not talking about a security process here, but
the development process. Or more accurately the cost of writing more
secure code and the
On Tue, Nov 10, 2015 at 1:09 PM, Lars Kurth wrote:
>
> > On 9 Nov 2015, at 18:15, Wojtek Porczyk wrote:
> >
> > On Mon, Nov 09, 2015 at 04:31:58PM +, Franz wrote:
> >> Perhaps a way out of this impasse is to put bounties on Xen security tasks
> >> identified by Joanna and properly advert
> On 9 Nov 2015, at 18:15, Wojtek Porczyk wrote:
>
> On Mon, Nov 09, 2015 at 04:31:58PM +, Franz wrote:
>> Perhaps a way out of this impasse is to put bounties on Xen security tasks
>> identified by Joanna and properly advertise these bounties to Xen users.
>> [snip]
>
> This is fundamental
Hi everyone,
firstly I wanted to thank everyone for raising this issue. I wanted to point
out that we are not talking about a security process here, but the development
process. Or more accurately the cost of writing more secure code and the
relative importance of security compared to features
As usual. Security, performance, convenience, price. Pick any mixture.
As is usual for most software, developer convenience trumps most other
considerations. I include ease of generating nice papers and jobs
under developer convenience.
Big players are much more concerned about performance, which
On Mon, Nov 09, 2015 at 04:31:58PM +, Franz wrote:
> Perhaps a way out of this impasse is to put bounties on Xen security tasks
> identified by Joanna and properly advertise these bounties to Xen users.
> [snip]
This is a fundamentally wrong idea. Security isn't something you can
"apply" or put b
On Mon, Nov 9, 2015 at 12:11 PM, Jan Beulich wrote:
> >>> On 06.11.15 at 18:22, wrote:
> > 1. First of all, I wish Xen was somehow more defensively coded. To provide
> > some examples:
> >
> > a. In XSA-109 [5] there was a problem with the hypervisor dereferencing a
> > NULL pointer. T