On Thu, Aug 27, 2015 at 02:01:52PM +0200, Stefan Geißler wrote: > Hello kvm mailing list, > > I assume, this is a rather uncommon mailing list post since it is not > directly related to the usage or development of KVM. Instead, the following > is the case: > > I am a student of computer science and am currently working on my masters > thesis. The work in progress topic is "Mining vulnerability databases for > information on hypervisor vulnerabilities: Analyses and Predictions". In the > context of this research work i am analyzing various security related > aspects regarding different hypervisors including KVM (A simple example > contained in my analysis is the discovery process of security > vulnerabilities and how the total number of disclosed vulnerabilities > developes over time). > > The reason i am writing this post to the public mailing list is, that i am > looking for someone who might be willing to support me during my work with > (for example) information and/or personal experience. Or simply said: May i > post questions and ask for help explaining my findings from time to time or > is this too much off-topic for this mailing list?
It's not off-topic. I think it's in the interest of the community so don't be afraid to engage the mailing list with your questions or feedback on your findings. > For now the question would be, whether there is some kind of a formal > documentation of the vulnerability disclosure process or a security policy > specific for KVM? The kvm kernel module is part of Linux and there is a process for that: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/Documentation/SecurityBugs?id=HEAD The QEMU emulator does device emulation in userspace is a separate project (used by KVM and Xen). It has its own security process here: http://qemu-project.org/SecurityProcess > If someone has any information regarding this, feel free to contact me > directly through my personal mail address. Any help and information will be > greatly appreciated! Let's keep discussion on the mailing list (CC kvm@vger.kernel.org). That way others can participate and it becomes archived/searchable. Stefan -- To unsubscribe from this list: send the line "unsubscribe kvm" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
