From: Joanna Rutkowska
Subject: Re: Security discussion: Summary of proposals and criteria (was Re: Security vulnerability process, and CVE-2012-0217)
Date: Mon, 09 Jul 2012 15:40:38 +0200
Message-ID: <4FFADF56.7010206@invisiblethingslab.com>
To: Keir Fraser
Cc: Matt Wilson, Stefano Stabellini, George Dunlap, "xen-devel@lists.xen.org", Lars Kurth, Jan Beulich
List-Id: xen-devel@lists.xenproject.org

On 07/09/12 15:35, Keir Fraser wrote:
> On 09/07/2012 14:25, "Joanna Rutkowska" wrote:
>
>>> If you're into security industry (going to conferences, etc) you
>>> certainly know the right people who would be delighted to buy exploits
>>> from you, believe me ;) Probably most Xen developers don't fit into this
>>> crowd, true, but then again, do you think it would be so hard for an
>>> interested organization to approach one of the Xen developers on the
>>> pre-disclosure list? How many would resist if they had a chance to cash
>>> in some 7-figure number for this (I read in the press that hot
>>> bugs/exploits sell for this amount actually)?
>>
>> (Correction: I meant a 6-figure number)
> Thought I was in the wrong end of the business there for a while. ;)
>
>

:) Yeah, I actually re-read my message when reading my 'xen-devel'
folder, and spotted the typo. A few hundred bucks for an exploit -- still
not bad IMHO...

joanna.