CA/Responding To An Incident: Difference between revisions

m
Added link to a good example of an incident report
(De-emphasized misissuance to highlight other causes of incidents and emphasized areas that required additional emphasis, such as the level of detail in CA explanations)
m (Added link to a good example of an incident report)
Line 58: Line 58:


= Incident Report =
= Incident Report =
 
[https://bugzilla.mozilla.org/show_bug.cgi?id=1690807#c2 Example Incident Report]
<br />
The purpose of incident reporting is to help all of us work together to build a more secure web. Therefore, the incident report should share lessons learned that could be helpful to all CAs to build better systems. The incident report should explain how the systems failed, how was the mis-issuance or incident possible, and why the problem was not detected earlier. In addition to the timeline of responding to and resolving the incident, the incident report should explain how the CA's systems will be made more robust, and how other CAs may learn from the incident.
The purpose of incident reporting is to help all of us work together to build a more secure web. Therefore, the incident report should share lessons learned that could be helpful to all CAs to build better systems. The incident report should explain how the systems failed, how was the mis-issuance or incident possible, and why the problem was not detected earlier. In addition to the timeline of responding to and resolving the incident, the incident report should explain how the CA's systems will be made more robust, and how other CAs may learn from the incident.
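Review bot: The link added directly under the `= Incident Report =` heading has no introductory text, so a reader meets "Example Incident Report" before the paragraph that explains what a report should contain, and cannot tell which qualities make the linked report a good example. Consider placing it after the purpose paragraph with a one-sentence lead-in, and separating it with a blank line instead of `<br />`.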

