[Servercert-wg] VOTING BEGINS: Ballot SC39v3:
Neil Dunbar
ndunbar at trustcorsystems.com
Tue Feb 2 14:15:44 UTC 2021
Colleagues,
This begins the voting period for ballot SC39v3: Definition of Critical
Vulnerability.
The following motion has been proposed by Neil Dunbar of TrustCor and
endorsed by Ben Wilson (Mozilla) and Corey Bonnell (DigiCert).
-- MOTION BEGINS --
This ballot modifies the “Network and Certificate System Security
Requirements” based on Version 1.5.
Under the section “Definitions”:
Remove the current definition:
Critical Vulnerability: A system vulnerability that has a CVSS score of
7.0 or higher according to the NVD or an equivalent to such CVSS rating
(see http://nvd.nist.gov/home.cfm), or as otherwise designated as a
Critical Vulnerability by the CA or the CA/Browser Forum.
Insert a new definition:
Critical Vulnerability: A system vulnerability that has a CVSS v2.0
score of 7.0 or higher according to the NVD or an equivalent to such
CVSS rating (see https://nvd.nist.gov/vuln-metrics/cvss), or as
otherwise designated as a Critical Vulnerability by the CA or the
CA/Browser Forum.
-- MOTION ENDS --
* WARNING *: USE AT YOUR OWN RISK. THE REDLINE BELOW IS NOT THE OFFICIAL
VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):
A comparison of the changes can be found at:
https://github.com/cabforum/servercert/compare/2b7720f...neildunbar:61fd381?diff=split
This ballot proposes one Final Maintenance Guideline.
The procedure for approval of this ballot is as follows:
Vote for approval (7 days)
Start Time: 2020-02-02 1700 UTC
End Time: 2020-02-09 1700 UTC
Regards,
Neil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210202/680c6844/attachment.html>
More information about the Servercert-wg
mailing list