[Servercert-wg] VOTING BEGINS: Ballot SC39v3: Definition of Critical Vulnerability

Andrea Holland AHolland at securetrust.com
Mon Feb 8 19:54:56 UTC 2021


SecureTrust votes Yes on SC39v3.

From: Servercert-wg <servercert-wg-bounces at cabforum.org> On Behalf Of Neil Dunbar via Servercert-wg
Sent: Tuesday, February 2, 2021 9:29 AM
To: servercert-wg at cabforum.org
Subject: Re: [Servercert-wg] VOTING BEGINS: Ballot SC39v3: Definition of Critical Vulnerability


Resend: adding the ballot title to the mail thread.
On 02/02/2021 14:15, Neil Dunbar via Servercert-wg wrote:
Colleagues,

This begins the voting period for ballot SC39v3: Definition of Critical Vulnerability.

The following motion has been proposed by Neil Dunbar of TrustCor and endorsed by Ben Wilson (Mozilla) and Corey Bonnell (DigiCert).

-- MOTION BEGINS --

This ballot modifies the “Network and Certificate System Security Requirements” based on Version 1.5.

Under the section “Definitions”:

Remove the current definition:

Critical Vulnerability: A system vulnerability that has a CVSS score of 7.0 or higher according to the NVD or an equivalent to such CVSS rating (see http://nvd.nist.gov/home.cfm), or as otherwise designated as a Critical Vulnerability by the CA or the CA/Browser Forum.

Insert a new definition:

Critical Vulnerability: A system vulnerability that has a CVSS v2.0 score of 7.0 or higher according to the NVD or an equivalent to such CVSS rating (see https://nvd.nist.gov/vuln-metrics/cvss), or as otherwise designated as a Critical Vulnerability by the CA or the CA/Browser Forum.

-- MOTION ENDS --

* WARNING *: USE AT YOUR OWN RISK. THE REDLINE BELOW IS NOT THE OFFICIAL VERSION OF THE CHANGES (CABF Bylaws, Section 2.4(a)):

A comparison of the changes can be found at:

https://github.com/cabforum/servercert/compare/2b7720f...neildunbar:61fd381?diff=split

This ballot proposes one Final Maintenance Guideline.

The procedure for approval of this ballot is as follows:

Vote for approval    (7 days)

Start Time: 2020-02-02 1700 UTC
End Time: 2020-02-09 1700 UTC

Regards,

Neil