Dear Ben, Thanks for the effort you put into this and especially to align the markdown template to the regular incident reporting template as much as possible.
Regarding the “Contact Information”: What is Mozilla’s expectation here? An e-mail address (personal or group mailbox), phone number (plus timezone so that people aren’t called in the middle of “their” night)? Or… ? As for the other details in such a report: They look plausible and I guess they are the result of previous incidents and details that were missing in the initial communication. Kind regards Roman From: dev-security-policy@mozilla.org <dev-security-policy@mozilla.org> On Behalf Of Ben Wilson Sent: Mittwoch, 22. November 2023 20:35 To: dev-secur...@mozilla.org <dev-security-policy@mozilla.org> Subject: Re: Improvements to Vulnerability Disclosure wiki page All, For your review and comment, today I reorganized the security incident and vulnerability disclosure report's expected contents<https://wiki.mozilla.org/CA/Vulnerability_Disclosure#Reportable_Vulnerability.2FIncident_Disclosure_Contents> and added a markdown template<https://wiki.mozilla.org/CA/Vulnerability_Disclosure#Markdown_Template> that can be used in Bugzilla. Ben On Wed, Sep 27, 2023 at 11:47 AM Ben Wilson <bwil...@mozilla.com<mailto:bwil...@mozilla.com>> wrote: All, As mentioned in a previous email, I am soliciting feedback regarding the Vulnerability Disclosure wiki page<https://wiki.mozilla.org/CA/Vulnerability_Disclosure>. If you have any specific suggestions that we can use to enhance clarity or to make the page more complete, please don't hesitate to share them, either here or directly with me. Your feedback is instrumental in our commitment to maintain a safe and secure online environment. Thanks, Ben -- You received this message because you are subscribed to the Google Groups "dev-security-policy@mozilla.org<mailto:dev-security-policy@mozilla.org>" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-policy+unsubscr...@mozilla.org<mailto:dev-security-policy+unsubscr...@mozilla.org>. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtabbqDu6N7yPnU9uL0RZQXPiMquHh-1FxTmPbQSeOj8T5w%40mail.gmail.com<https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtabbqDu6N7yPnU9uL0RZQXPiMquHh-1FxTmPbQSeOj8T5w%40mail.gmail.com?utm_medium=email&utm_source=footer>. -- You received this message because you are subscribed to the Google Groups "dev-security-policy@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-policy+unsubscr...@mozilla.org. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/ZR0P278MB0170272B4E9A3C2FA7A50C8DFAB9A%40ZR0P278MB0170.CHEP278.PROD.OUTLOOK.COM.
