[Servercert-wg] VOTING BEGINS: Ballot SC39v3: Definition of Critical Vulnerability

Ryan Sleevi sleevi at google.com
Mon Feb 8 15:04:11 UTC 2021


Google votes YES on SC39v3

On Tue, Feb 2, 2021 at 9:29 AM Neil Dunbar via Servercert-wg <
servercert-wg at cabforum.org> wrote:

> Resend: adding the ballot title to the mail thread.
> On 02/02/2021 14:15, Neil Dunbar via Servercert-wg wrote:
>
> Colleagues,
>
> This begins the voting period for ballot SC39v3: Definition of Critical
> Vulnerability.
>
> The following motion has been proposed by Neil Dunbar of TrustCor and
> endorsed by Ben Wilson (Mozilla) and Corey Bonnell (DigiCert).
>
> -- MOTION BEGINS --
>
> This ballot modifies the “Network and Certificate System Security
> Requirements” based on Version 1.5.
>
> Under the section “Definitions”:
>
> Remove the current definition:
>
> Critical Vulnerability: A system vulnerability that has a CVSS score of
> 7.0 or higher according to the NVD or an equivalent to such CVSS rating
> (see http://nvd.nist.gov/home.cfm), or as otherwise designated as a
> Critical Vulnerability by the CA or the CA/Browser Forum.
>
> Insert a new definition:
>
> Critical Vulnerability: A system vulnerability that has a CVSS v2.0 score
> of 7.0 or higher according to the NVD or an equivalent to such CVSS rating
> (see https://nvd.nist.gov/vuln-metrics/cvss), or as otherwise designated
> as a Critical Vulnerability by the CA or the CA/Browser Forum.
>
> -- MOTION ENDS --
>
> * WARNING *: USE AT YOUR OWN RISK. THE REDLINE BELOW IS NOT THE OFFICIAL
> VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):
>
> A comparison of the changes can be found at:
>
>
> https://github.com/cabforum/servercert/compare/2b7720f...neildunbar:61fd381?diff=split
>
> This ballot proposes one Final Maintenance Guideline.
>
> The procedure for approval of this ballot is as follows:
>
> Vote for approval    (7 days)
>
> Start Time: 2020-02-02 1700 UTC
> End Time: 2020-02-09 1700 UTC
>
> Regards,
>
> Neil
>
> _______________________________________________
> Servercert-wg mailing list
> Servercert-wg at cabforum.org
> https://lists.cabforum.org/mailman/listinfo/servercert-wg
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210208/43fa7e82/attachment.html>


More information about the Servercert-wg mailing list