Thanks for the response Jeff.
On Fri, Sep 6, 2019 at 4:17 PM jeffwardpki--- via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> On Wednesday, August 21, 2019 at 11:46:37 PM UTC-5, Jeremy Rowley wrote:
> > Hey all,
> >
> > An interesting issue came up recently with audits.
On Wednesday, August 21, 2019 at 11:46:37 PM UTC-5, Jeremy Rowley wrote:
> Hey all,
>
> An interesting issue came up recently with audits. Because the Mozilla policy
> includes some requirements that diverge from the BRs, the audit criteria
> don't necessarily cover everything Mozilla cares
Dear all,
just a short note on that with regard to auditing and Audit Attestations based
upon ETSI: throughout the audit we check the incidents of the current audit
period as documented by the CA (have they been addressed at a sufficient level,
have the measures taken proven that they are
On Thu, Aug 22, 2019 at 12:46 AM Jeremy Rowley via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Hey all,
>
> An interesting issue came up recently with audits. Because the Mozilla
> policy includes some requirements that diverge from the BRs, the audit
> criteria don't
: Auditor letters and incident reports
Hey all,
An interesting issue came up recently with audits. Because the Mozilla policy
includes some requirements that diverge from the BRs, the audit criteria don't
necessarily cover everything Mozilla cares about. Thus, it's possible to have
an incident
Hey all,
An interesting issue came up recently with audits. Because the Mozilla policy
includes some requirements that diverge from the BRs, the audit criteria don't
necessarily cover everything Mozilla cares about. Thus, it's possible to have
an incident that doesn't show up on an audit. It's
6 matches
Mail list logo
