Confirmed users
377
edits
CA/Responding To An Incident: Difference between revisions
→Keeping Us Informed: Updated language concerning "Next Updates"
(Changed Incident Reporting instructions to the CCADB page) |
(→Keeping Us Informed: Updated language concerning "Next Updates") |
||
| Line 64: | Line 64: | ||
= Keeping Us Informed = | = Keeping Us Informed = | ||
Once the report is posted, you should respond promptly to questions that are asked, and in no circumstances should a question linger without a response for more than one week, even if the response is only to acknowledge the question and provide a later date when an answer will be delivered. You should also provide updates at least every week giving your progress, and confirm when the remediation steps have been completed - unless | Once the report is posted, you should respond promptly to questions that are asked, and in no circumstances should a question linger without a response for more than one week, even if the response is only to acknowledge the question and provide a later date when an answer will be delivered. You should also provide updates at least every week giving your progress, and confirm when the remediation steps have been completed - unless a root store representative has agreed to a different schedule by setting a “Next Update” date in the “Whiteboard” field of the bug or has announced they consider closing the bug and no further comments have been posted. Updates to important incidents (see e.g. https://www.ccadb.org/cas/public-group#lessons-learned-from-ca-incident-reports) should be posted to either the [https://groups.google.com/a/ccadb.org/g/public CCADB Public list] or the [https://groups.google.com/a/mozilla.org/g/dev-security-policy MDSP mailing list] and the Bugzilla bug. The bug will be closed when remediation is completed. | ||
= Examples of Good Practice = | = Examples of Good Practice = | ||