[cabfpub] Breach Insurance

Phillip Hallam-Baker philliph at comodo.com
Thu Dec 18 23:36:08 UTC 2014


I don’t particularly mind what type of insurance it is, provided that it means that the activities of the CA are going to be overseen by some party who would have skin in the game in the case of a breach.

Audits are fine but the auditors don’t have skin in the game. 


On Dec 18, 2014, at 6:24 PM, Dean Coclin <Dean_Coclin at symantec.com> wrote:

> Thanks Ben. I’m assuming you are posting this with regards to the recent insurance debate. Although I was initially opposed to dropping the EV Insurance requirement, my thinking has changed as others have posted facts about the type of insurance that the EVGL require and appropriateness to its intended use. Symantec’s current position would be in favor of ballot 142 (Gerv’s elimination ballot). The article you linked to below seems to favor a different type of insurance than what we currently require. Are you thinking of proposing a change to the insurance type (i.e. Cyberbreach/cyberliability insurance)?
>  
> Dean
>  
> From: public-bounces at cabforum.org [mailto:public-bounces at cabforum.org] On Behalf Of Ben Wilson
> Sent: Thursday, December 18, 2014 10:42 AM
> To: CABFPub
> Subject: [cabfpub] Breach Insurance
>  
> Received this in my email today:
>  
> http://www.usatoday.com/story/tech/2014/12/09/security-data-breach-insurance-target/20011477/
> Cheers,
> 
> Ben
> 
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20141218/17a96c2d/attachment-0003.html>


More information about the Public mailing list