On Friday, February 12, 2021 at 10:27:11 AM UTC-6, Ben Wilson wrote: > I'm fine with that suggestion. > On Fri, Feb 12, 2021 at 5:06 AM malcol...--- via dev-security-policy < > dev-secur...@lists.mozilla.org> wrote: > > > On Thursday, 11 February 2021 at 21:14:13 UTC, Ben Wilson wrote: > > > 11. all incidents (as defined in section 2.4), including those reported > > in > > > Bugzilla, that were: > > > * disclosed by the CA or discovered by the auditor, and > > > * unresolved at any time during the audit period; > > > > > > The idea is that all "incidents" must be reported if they were > > "unresolved" > > > - which would include those that occurred or were open - at any time > > during > > > the audit period. > > > > > > > Wouldn't it be clearer to non-native English speakers to avoid the nuance > > associated with "unresolved at any time" needing to imply both those that > > occurred or those that were still open? > > > > Why not amend the language to just say: > > > > 11. all incidents (as defined in section 2.4), including those reported in > > Bugzilla, that: > > * were disclosed by the CA or discovered by the auditor, and > > * occurred or were open at any time during the audit period; > > _______________________________________________ > > dev-security-policy mailing list > > dev-secur...@lists.mozilla.org > > https://lists.mozilla.org/listinfo/dev-security-policy > > This wording works from a WebTrust perspective as well. Thanks! _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
Re: Policy 2.7.1: MRSP Issue #187: Require disclosure of incidents in Audit Reports
Jeff Ward via dev-security-policy Mon, 15 Feb 2021 10:47:32 -0800
- Policy 2.7.1: MRSP Issue #18... Ben Wilson via dev-security-policy
- Re: Policy 2.7.1: MRSP ... Matthias van de Meent via dev-security-policy
- Re: Policy 2.7.1: M... Ryan Sleevi via dev-security-policy
- Re: Policy 2.7.... Matthias van de Meent via dev-security-policy
- Re: Policy 2.7.1: MRSP ... Jeff Ward via dev-security-policy
- Re: Policy 2.7.1: M... Ben Wilson via dev-security-policy
- Re: Policy 2.7.... Ryan Sleevi via dev-security-policy
- Re: Policy ... Ben Wilson via dev-security-policy
- Re: Policy ... malcol...--- via dev-security-policy
- Re: Policy 2.7.1: M... Clemens Wanko via dev-security-policy