Confirm, administrator
5,526
edits
Changes
m
Changed Bugzilla Product from NSS to CA Program per Bugzilla Bug #1799573
The incident report may well repeat things which have been said previously in discussions or bug comments. This is entirely expected. The report should be a summary of previous findings. The existence of data in discussions or bug comments does not excuse a CA from the task of compiling a proper incident report.
Your CA may submit an incident report by [https://bugzilla.mozilla.org/enter_bug.cgi?product=NSSCA%20Program&component=CA%20Certificate%20Compliance&version=other creating a bug in Bugzilla under the NSSCA Program ::CA Certificate Compliance component], or by posting the report to the [https://groups.google.com/a/mozilla.org/g/dev-security-policy MDSP mailing list]. If an incident report is sent to the list without a corresponding bug, a new one will be created to track the incident.
The incident report should cover at least the following topics:
