Confirmed users, Administrators
5,526
edits
CA/Responding To An Incident: Difference between revisions
m
added link
(→Examples of Good Practice: Add SecureTrust example) |
m (added link) |
||
| Line 64: | Line 64: | ||
The incident report may well repeat things which have been said previously in discussions or bug comments. This is entirely expected. The report should be a summary of previous findings. The existence of data in discussions or bug comments does not excuse a CA from the task of compiling a proper incident report. | The incident report may well repeat things which have been said previously in discussions or bug comments. This is entirely expected. The report should be a summary of previous findings. The existence of data in discussions or bug comments does not excuse a CA from the task of compiling a proper incident report. | ||
Your CA may submit an incident report by creating a bug in Bugzilla under the NSS:CA Certificate Compliance component, or by posting the report to the mozilla.dev.security.policy mailing list. If an incident report is sent to the list without a corresponding bug, a new one will be created to track the incident. | Your CA may submit an incident report by [https://bugzilla.mozilla.org/enter_bug.cgi?product=NSS&component=CA%20Certificate%20Compliance creating a bug in Bugzilla under the NSS:CA Certificate Compliance component], or by posting the report to the mozilla.dev.security.policy mailing list. If an incident report is sent to the list without a corresponding bug, a new one will be created to track the incident. | ||
The incident report should cover at least the following topics: | The incident report should cover at least the following topics: | ||