Changes

CA/Responding To An Incident

230 bytes added, 03:36, 20 April 2022

→‎Incident Report: Edited section on multiple incident reports

Each incident should result in an incident report, written as soon as the problem is fully diagnosed and (temporary or permanent) measures have been put in place to make sure it will not re-occur. If the permanent fix is going to take significant time to implement, you should not wait until this is done before issuing the report. We expect to see incident reports as soon as possible, and certainly within two weeks of the initial issue report. While remediation work may still be ongoing, a satisfactory incident report will serve to resolve the issue from a Mozilla perspective.

~~CAs~~ There should be a single incident report for each distinct matter, and CA operators should submit an additional, separate incident report when:* Mozilla policy requires that the CA revoke one or more certificates by a certain deadline, such as those in BR section 4.9, but that deadline is will not be or has not been met by the CA.

* In the process of researching one incident, another incident with a distinct root cause and/or remediation is discovered.

* An audit report or conformity assessment contains more than one qualification, major non-conformity, or other adverse finding.

* After an incident bug is marked resolved, the incident reoccurs.

Bwilson

Confirm

377

edits

Changes

CA/Responding To An Incident

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

How to Contribute

MozillaWiki

Around Mozilla

Tools