On 12/09/16 19:02, Jakob Bohm wrote: > Wouldn't this fall under the general auditable requirement of being > careful in their practices and procedures.
Ask an auditor, and they will tell you that "be careful" is not an auditable requirement. Gerv _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy