Dear All, e-commerce monitoring GmbH is now 100% subsidiary of AUSTRIA CARD-Plastikkarten und Ausweissysteme Gesellschaft m.b.H., which is classified as “große Kapitalgesellschaft” (large corporation) and therefore needs to comply with all regulations of the Austrian GmbHG (limited liabilities company Act) and UGB (Commercial Code).
e-commerce monitoring GmbH was taken over as a fully functional and independent entity inside the AUSTRIA CARD group of companies. The certified policies, processes and commitments of e-commerce monitoring GmbH continue to apply. The takeover of the company also includes the taking over of the established staff which results in no changes except top management and e-commerce monitoring GmbH will continue to adhere and operate according to the respective policies. Best regards, Daniel On Wednesday, February 7, 2024 at 12:22:36 AM UTC+1 Ben Wilson wrote: > Hi Aaron, > > On Tue, Feb 6, 2024 at 3:00 PM Aaron Gable <aa...@letsencrypt.org> wrote: > >> e-commerce monitoring GmbH currently has multiple open bugzilla tickets >> which have not had any updates from their staff in multiple months: >> - https://bugzilla.mozilla.org/show_bug.cgi?id=1815534 >> - https://bugzilla.mozilla.org/show_bug.cgi?id=1862004 >> > > Correct - the questions raised by these incidents still need to be > answered. > > >> Does the behavior of the CA being acquired factor into decisions like >> this, or just the behavior of the acquiring entity? >> > > The behavior of the entity being acquired and the capabilities and history > of the acquiring company are relevant, going back for an unspecified period > of time. (Factors to be considered in deciding how far to go back include > the nature and severity of any non-compliance and the degree to which any > incidents reveal persistent, systemic problems.) > > >> If a distrust conversation were to arise in the future, how do root >> programs ensure that bugs filed under previous corporate names are still >> included in the analysis? >> > > We have not experienced a lot of M&A/name-change activity recently. I > believe the Mozilla Community has sufficient continuity, institutional > memory, and community-based knowledge about the history of CA operators. > So, I think this concern can be handled when needed with comments from > community members, and changes in the names of CA operators should not > require that we create a new tracking solution. (If incidents are > sufficiently recent or still have relevance, then we could update the > Bugzilla bugs "Summaries" by replacing the name of the previous operator > with the name of the new entity when there is a name change or CA operator > replacement.) > > Ben > > >> >> Thanks, >> Aaron >> >> On Fri, Feb 2, 2024 at 5:25 PM Ben Wilson <bwi...@mozilla.com> wrote: >> >>> Dear Suchan, >>> You make a valid point. However, in this case, I wasn't sure how other >>> root stores would be handling this. They may have their own processes. >>> Also, the distribution on this list is almost 3x greater than on the CCADB >>> public list, so I decided to post the discussion here. >>> If the other root stores want to have a public discussion of this >>> acquisition, then we can start a discussion on CCADB Public, too. >>> Sincerely yours, >>> Ben >>> >>> On Fri, Feb 2, 2024 at 5:53 PM Suchan Seo <tjt...@gmail.com> wrote: >>> >>>> While not have knowledge to comment about acquire itself, doesn't this >>>> more fit to ccadb mailing list? I thought root store policy about >>>> individual root was moved to there >>>> 2024년 2월 3일 토요일 오전 1시 45분 19초 UTC+9에 Ben Wilson님이 작성: >>>> >>>>> All, >>>>> >>>>> Recently we were advised that e-commerce monitoring GmbH is being >>>>> acquired by AUSTRIA CARD-Plastikkarten und Ausweissysteme GmbH. >>>>> >>>>> e-commerce monitoring operates the GLOBALTRUST 2020 root CA that is >>>>> included in the Mozilla root store. They have advised us of the following: >>>>> >>>>> There are no changes to the operation of the CA and RA functions. >>>>> >>>>> Changes to the corporate structure: >>>>> >>>>> - New shareholder: >>>>> AUSTRIA CARD-Plastikkarten und Ausweissysteme Gesellschaft m.b.H. >>>>> registered under the number FN 98272v commercial court Vienna >>>>> Lamezanstraße 4-8 >>>>> 1230 Vienna, Austria >>>>> https://www.austriacard.com/ >>>>> >>>>> - New Management >>>>> new: CEO ("Geschäftsführer") Mr. Emmanouil Kontos >>>>> new: Attorney ("Prokurist") Mr. Markus Kirchmayr >>>>> old: CEO Hans Zeger >>>>> >>>>> - Registered headquarter >>>>> new: Handelskai 388/621, 1020 Vienna, Austria >>>>> old: Redtenbachergasse 20, 1160 Vienna, Austria >>>>> >>>>> According to section 8.1 of the Mozilla Root Store Policy, “If the >>>>> receiving or acquiring company is new to the Mozilla root store, it MUST >>>>> demonstrate compliance with the entirety of this policy. There MUST be a >>>>> public discussion regarding its admittance to the root store. If Mozilla >>>>> reaches a positive conclusion after public discussion, then the affected >>>>> certificate(s) MAY remain in the root store.” >>>>> >>>>> By this email, I am initiating a four-week public discussion period, >>>>> scheduled to close on Friday, 1-March-2024, to allow for at least three >>>>> full weeks of public discussion. The first week (Feb. 5 – 9) is intended >>>>> to >>>>> give the acquiring company time to address the following topics: >>>>> >>>>> · Compliance with the Mozilla Root Store Policy >>>>> >>>>> · Ownership and governance >>>>> >>>>> · Investment and budget for CA operations, risk management, >>>>> and compliance >>>>> >>>>> · Community engagement and involvement in industry groups >>>>> >>>>> · Employee expertise and continuity >>>>> >>>>> · Operational design and ongoing GRC management >>>>> >>>>> · Auditors and auditing >>>>> >>>>> Thanks, >>>>> >>>>> Ben Wilson >>>>> >>>>> Mozilla Root Store Program >>>>> >>>> -- >>> You received this message because you are subscribed to the Google >>> Groups "dev-secur...@mozilla.org" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to dev-security-po...@mozilla.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtabZVUgzo1rbr%3DyP-F0YzWCzjaO1sHKGYp%3DLTtQGzYEKrA%40mail.gmail.com >>> >>> <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtabZVUgzo1rbr%3DyP-F0YzWCzjaO1sHKGYp%3DLTtQGzYEKrA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- You received this message because you are subscribed to the Google Groups "dev-security-policy@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-policy+unsubscr...@mozilla.org. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/557b0e34-f3d5-4ba8-ab99-301017ebd941n%40mozilla.org.
