[Servercert-wg] VOTING BEGINS: Ballot SC39v3: Definition of Critical Vulnerability

Clark, Adam Adam.Clark at visa.com
Tue Feb 2 18:39:32 UTC 2021


Visa votes YES to ballot SC39v3.


V.R.

Adam Clark

________________________________________________________________________________________________________
Adam Clark | Sr Director - Applied Cryptography | Cybersecurity Security Architecture | Visa Inc. | T. 571-439-7580 | C. 571-442-3271 | Adam.Clark at Visa.com


From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Neil Dunbar via Servercert-wg
Sent: Tuesday, February 2, 2021 9:29 AM
To: servercert-wg at cabforum.org
Subject: Re: [Servercert-wg] VOTING BEGINS: Ballot SC39v3: Definition of Critical Vulnerability


Resend: adding the ballot title to the mail thread.
On 02/02/2021 14:15, Neil Dunbar via Servercert-wg wrote:
Colleagues,

This begins the voting period for ballot SC39v3: Definition of Critical Vulnerability.

The following motion has been proposed by Neil Dunbar of TrustCor and endorsed by Ben Wilson (Mozilla) and Corey Bonnell (DigiCert).

-- MOTION BEGINS --

This ballot modifies the “Network and Certificate System Security Requirements” based on Version 1.5.

Under the section “Definitions”:

Remove the current definition:

Critical Vulnerability: A system vulnerability that has a CVSS score of 7.0 or higher according to the NVD or an equivalent to such CVSS rating (see http://nvd.nist.gov/home.cfm), or as otherwise designated as a Critical Vulnerability by the CA or the CA/Browser Forum.

Insert a new definition:

Critical Vulnerability: A system vulnerability that has a CVSS v2.0 score of 7.0 or higher according to the NVD or an equivalent to such CVSS rating (see https://nvd.nist.gov/vuln-metrics/cvss), or as otherwise designated as a Critical Vulnerability by the CA or the CA/Browser Forum.

-- MOTION ENDS --

* WARNING *: USE AT YOUR OWN RISK. THE REDLINE BELOW IS NOT THE OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):

A comparison of the changes can be found at:

https://github.com/cabforum/servercert/compare/2b7720f...neildunbar:61fd381?diff=split

This ballot proposes one Final Maintenance Guideline.

The procedure for approval of this ballot is as follows:

Vote for approval    (7 days)

Start Time: 2020-02-02 1700 UTC
End Time: 2020-02-09 1700 UTC

Regards,

Neil