Dear George,
I am looping on my colleagues request to join this pre-disclosure mailing list on Xen vulnerabilities. To give more context on this request, ANSSI mission is to defend and protect French Ministries and French Critical
National Infrastructure Companies (CND operations), and for this purpose is hosting the French Governmental & National CERT: the CERT-FR. For our beneficiaries, we are monitoring and alerting on new vulnerabilities which might affects them, information are
publicly available on this page:
ANSSI is not directly using Xen products, however many of our beneficiaries are using them, and so an early warning on new vulnerabilities could help us to prepare our communications and advices.
I hope this clarify the request, please find below the information requested:
The name of your organization: Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI)
Domain name(s) which you use to provide Xen software/services: as explain above we are not directly using Xen products, however our domain is
A brief description of why you fit the criteria: ANSSI beneficiaries are users of Xen products (French administration and French critical infrastructure operators) and
ANSSI mission is to protect those entities
Link(s) to current public web pages, belonging to your organisation, for each of following pieces of information: not applicable (however more information on ANSSI mandate
can be found here:
Statements about, or descriptions of, your eligible production services or released software, from which it is immediately evident that they use Xen: Not applicable
Information about your handling of security problems: security vulnerabilities can be reported to
cert-fr.cossi@xxxxxxxxxxx (Ref: article 47, Loi pour une République numérique n° 2016-1321 du 7 octobre 2016), details are available here:
A statement to the effect that you have read this policy and agree to abide by the terms for inclusion in the list, specifically the requirements to regarding confidentiality during an embargo period:
we confirm that we have read the policy and associated information related to the embargo period, as a national cyberdefense agency we are used to handle classified and sensitive information
The single (non-personal) email alias you wish added to the predisclosure list:
Thank you for your assistance and we are available if you need more information on this request.
Best regards,

Coordinateur des partenaires du secteur privé / Operational partners management
Sous-direction Opérations / Cybersecurity Operation Center
Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) / French National Cybersecurity Agency
Mail : julien.masson@xxxxxxxxxxx

