Hi all,

If you have feedback on this topic, we would love to hear your thoughts.

Thank you!
-Clint

> On Jul 20, 2023, at 8:19 AM, 'Clint Wilson' via CCADB Public <[email protected]> wrote:
>
> All,
>
> During the CA/Browser Forum Face-to-Face 59 meeting, several Root Store
> Programs expressed an interest in improving Web PKI incident reporting.
>
> The CCADB Steering Committee is interested in this community’s
> recommendations on improving the standards applicable to and the overall
> quality of incident reports submitted by Certification Authority (CA) Owners.
> We aim to facilitate effective collaboration, foster transparency, and
> promote the sharing of best practices and lessons learned among CAs and the
> broader community.
>
> Currently, some Root Store Programs require incident reports from CA Owners
> to address a list of items in a format detailed on ccadb.org [1]. While the
> CCADB format provides a framework for reporting, we would like to discuss
> ideas on how to improve the quality and usefulness of these reports.
>
> We would like to make incident reports more useful and effective where they:
>
> - Are consistent in quality, transparency, and format.
> - Demonstrate thoroughness and depth of investigation and incident analysis,
>   including for variants.
> - Clearly identify the true root cause(s) while avoiding restating the issue.
> - Provide sufficient detail that enables other CA Owners or members of the
>   public to comprehend and, where relevant, implement an equivalent solution.
> - Present a complete timeline of the incident, including the introduction of
>   the root cause(s).
> - Include specific, actionable, and timebound steps for resolving the issue(s)
>   that contributed to the root cause(s).
> - Are frequently updated when new information is found and steps for resolution
>   are completed, delayed, or changed.
> - Allow a reader to quickly understand what happened, the scope of the impact,
>   and how the remediation will sufficiently prevent the root cause of the
>   incident from reoccurring.
>
> We appreciate, to state it lightly, members of this community and the general
> public who generate and review reports, offer their understanding of the
> situation and impact, and ask clarifying questions.
>
> Call to action: In the spirit of continuous improvement, we are requesting
> (and very much appreciate) this community’s suggestions for how CA incident
> reporting can be improved.
>
> Not every suggestion will be implemented, but we will commit to reviewing all
> suggestions and collectively working towards an improved standard.
>
> Thank you
> -Clint, on behalf of the CCADB Steering Committee
>
> [1] https://www.ccadb.org/cas/incident-report
>
> --
> You received this message because you are subscribed to the Google Groups
> "CCADB Public" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/ccadb.org/d/msgid/public/3B253FFF-4070-4F0E-95D2-166FAC01C5A7%40apple.com
