Re: Improvements to Vulnerability Disclosure wiki page

2024-01-04 Thread Ben Wilson
s that were missing in > the initial communication. > > > > Kind regards > Roman > > > > *From:* dev-security-policy@mozilla.org *On > Behalf Of *Ben Wilson > *Sent:* Mittwoch, 22. November 2023 20:35 > *To:* dev-secur...@mozilla.org > *Subject:* Re: Improvemen

RE: Improvements to Vulnerability Disclosure wiki page

2023-11-22 Thread Roman Fischer
-security-policy@mozilla.org On Behalf Of Ben Wilson Sent: Mittwoch, 22. November 2023 20:35 To: dev-secur...@mozilla.org Subject: Re: Improvements to Vulnerability Disclosure wiki page All, For your review and comment, today I reorganized the security incident and vulnerability disclosure report's

Re: Improvements to Vulnerability Disclosure wiki page

2023-11-22 Thread Ben Wilson
All, For your review and comment, today I reorganized the security incident and vulnerability disclosure report's expected contents and added a markdown template

Re: Improvements to Vulnerability Disclosure wiki page

2023-09-29 Thread 'Aaron Gable' via dev-security-policy@mozilla.org
t to allow disclosure -after- the vulnerability has been > fixed. > > > > Kind regards > Roman > > > > *From:* dev-security-policy@mozilla.org *On > Behalf Of *Wayne Thayer > *Sent:* Donnerstag, 28. September 2023 18:49 > *To:* dev-secur...@mozilla.org >

RE: Improvements to Vulnerability Disclosure wiki page

2023-09-28 Thread Roman Fischer
: Donnerstag, 28. September 2023 18:49 To: dev-secur...@mozilla.org Subject: Re: Improvements to Vulnerability Disclosure wiki page Hi Ben, Hypothetically, if a CVSS v3 9.8 Linux kernel zero-day is announced, and a CA is running that version of the kernel on a Certificate System, are they required

Re: Improvements to Vulnerability Disclosure wiki page

2023-09-28 Thread Wayne Thayer
Hi Ben, Hypothetically, if a CVSS v3 9.8 Linux kernel zero-day is announced, and a CA is running that version of the kernel on a Certificate System, are they required to report it as a Security Vulnerability? I don't think that's the intent, but I only reach that conclusion because the examples

Improvements to Vulnerability Disclosure wiki page

2023-09-27 Thread Ben Wilson
All, As mentioned in a previous email, I am soliciting feedback regarding the Vulnerability Disclosure wiki page . If you have any specific suggestions that we can use to enhance clarity or to make the page more complete, please don't hesitate