[Servercert-wg] VOTING BEGINS: Ballot SC39v3: Definition of Critical Vulnerability

Aaron Gable aaron at letsencrypt.org
Thu Feb 4 17:04:11 UTC 2021


ISRG / Let's Encrypt votes yes on ballot SC39v3.

On Thu, Feb 4, 2021 at 1:38 AM Wojciech Trapczyński via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> Certum votes YES on ballot SC39v3.
>
> W dniu 02.02.2021 o 15:29, Neil Dunbar via Servercert-wg pisze:
> > Resend: adding the ballot title to the mail thread.
> >
> > On 02/02/2021 14:15, Neil Dunbar via Servercert-wg wrote:
> >>
> >> Colleagues,
> >>
> >> This begins the voting period for ballot SC39v3: Definition of
> >> Critical Vulnerability.
> >>
> >> The following motion has been proposed by Neil Dunbar of TrustCor and
> >> endorsed by Ben Wilson (Mozilla) and Corey Bonnell (DigiCert).
> >>
> >> -- MOTION BEGINS --
> >>
> >> This ballot modifies the “Network and Certificate System Security
> >> Requirements” based on Version 1.5.
> >>
> >> Under the section “Definitions”:
> >>
> >> Remove the current definition:
> >>
> >> Critical Vulnerability: A system vulnerability that has a CVSS score
> >> of 7.0 or higher according to the NVD or an equivalent to such CVSS
> >> rating (see http://nvd.nist.gov/home.cfm), or as otherwise designated
> >> as a Critical Vulnerability by the CA or the CA/Browser Forum.
> >>
> >> Insert a new definition:
> >>
> >> Critical Vulnerability: A system vulnerability that has a CVSS v2.0
> >> score of 7.0 or higher according to the NVD or an equivalent to such
> >> CVSS rating (see https://nvd.nist.gov/vuln-metrics/cvss), or as
> >> otherwise designated as a Critical Vulnerability by the CA or the
> >> CA/Browser Forum.
> >>
> >> -- MOTION ENDS --
> >>
> >> * WARNING *: USE AT YOUR OWN RISK. THE REDLINE BELOW IS NOT THE
> >> OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):
> >>
> >> A comparison of the changes can be found at:
> >>
> >>
> https://github.com/cabforum/servercert/compare/2b7720f...neildunbar:61fd381?diff=split
> >>
> >>
> >> This ballot proposes one Final Maintenance Guideline.
> >>
> >> The procedure for approval of this ballot is as follows:
> >>
> >> Vote for approval    (7 days)
> >>
> >> Start Time: 2020-02-02 1700 UTC
> >> End Time: 2020-02-09 1700 UTC
> >>
> >> Regards,
> >>
> >> Neil
> >
> > _______________________________________________
> > Servercert-wg mailing list
> > Servercert-wg at cabforum.org
> > https://lists.cabforum.org/mailman/listinfo/servercert-wg
> >
>
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210204/891d3eb1/attachment-0001.html>


More information about the Servercert-wg mailing list