On Friday, July 26, 2019 at 1:25:13 PM UTC-4, Wayne Thayer wrote: > ==Bad==
> * The most recent BR audit report lists two additional qualifications > related to the Network Security requirements: > ** During the Period, there were instances of some Certificate Systems not > undergoing a Vulnerability Scan at least every three (3) months. > ** During the Period, there were instances where a technical control to > restrict remote access to only those devices owned or controlled by Entrust > did not operate effectively. Deloitte has issued a Specified Procedures Report to address the above qualified items. The report has been added to https://bugzilla.mozilla.org/show_bug.cgi?id=1480510. Bruce. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy