Re: Symantec Response Q
Hi Steve, Quick questions: 1) What does Symantec believe is a reasonable timeframe to remedy these issues? 2) You stated 18 months, but the issues were present from the 2013/2014 audits, the 2014/2015 audits, and the 2015/2016 audits, all as noted in Issue V. In total, this period spans 30 months, if we assume the split audits beginning 2016-06-16. a) How do you explain this discrepancy between 18 months and 30 months? b) How should the community see this matter? ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Symantec Response Q
Issue Q: Symantec Audit Issues 2016 (December 2015 - November 2016) In our 2014-2015 audits, certain issues were identified that we promptly took action on, including addressing the test certificate incident. We continued these efforts until the Point in Time audit was conducted. We split the 2015-2016 audit reports in order to be fully transparent with the community about our operations after that work was completed. When viewing these sets of audits together, the community can see the steady progress we have made over the past 18 months, in line with our commitment to continually improving and enhancing our processes. ___ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy