On Thu, Sep 13, 2018 at 3:26 PM Wayne Thayer via dev-security-policy < [email protected]> wrote:
> Visa recently delivered new qualified audit reports for their eCommerce > Root that is included in the Mozilla program. I opened a bug [1] and > requested an incident report from Visa. > > Visa was also the subject of a thread [2] earlier this year in which I > stated that I would look into some of the concerns that were raised. I've > done that and have compiled the following issues list: > > https://wiki.mozilla.org/CA:Visa_Issues > > While I have attempted to make this list as complete, accurate, and factual > as possible, it may be updated as more information is received from Visa > and the community. > > I would like to request that a representative from Visa engage in this > discussion and provide responses to these issues. > > - Wayne > > [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1485851 > [2] > > https://groups.google.com/d/msg/mozilla.dev.security.policy/NNV3zvX43vE/ns8UUwp8BgAJ Compared to the seriousness and scope of these issues, this is by far a minor correction, and does not undermine any of the evaluation. However, as a pedantic note, it's noted as "PITRA" while stating "Point in Time audit". A point-in-time readiness assessment is for management's eyes only, while the report provided is just a Point in time Audit. I think just deleting the parenthetical PITRA is sufficient and just consistently used Point in Time audit. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
