Thanks, Roman I have added "Email Address / Group Distribution List" as a clarification. However, additional contact information such as a phone number might be needed in exceptional cases, but we can request that if needed.
Ben On Wed, Nov 22, 2023 at 11:07 PM Roman Fischer <roman.fisc...@swisssign.com> wrote: > Dear Ben, > > > > Thanks for the effort you put into this and especially to align the > markdown template to the regular incident reporting template as much as > possible. > > > > Regarding the “Contact Information”: What is Mozilla’s expectation here? > An e-mail address (personal or group mailbox), phone number (plus timezone > so that people aren’t called in the middle of “their” night)? Or… ? > > > > As for the other details in such a report: They look plausible and I guess > they are the result of previous incidents and details that were missing in > the initial communication. > > > > Kind regards > Roman > > > > *From:* dev-security-policy@mozilla.org <dev-security-policy@mozilla.org> *On > Behalf Of *Ben Wilson > *Sent:* Mittwoch, 22. November 2023 20:35 > *To:* dev-secur...@mozilla.org <dev-security-policy@mozilla.org> > *Subject:* Re: Improvements to Vulnerability Disclosure wiki page > > > > All, > > For your review and comment, today I reorganized the security incident and > vulnerability disclosure report's expected contents > <https://wiki.mozilla.org/CA/Vulnerability_Disclosure#Reportable_Vulnerability.2FIncident_Disclosure_Contents> > and added a markdown template > <https://wiki.mozilla.org/CA/Vulnerability_Disclosure#Markdown_Template> > that can be used in Bugzilla. > > Ben > > > > On Wed, Sep 27, 2023 at 11:47 AM Ben Wilson <bwil...@mozilla.com> wrote: > > All, > > As mentioned in a previous email, I am soliciting feedback regarding the > Vulnerability > Disclosure wiki page > <https://wiki.mozilla.org/CA/Vulnerability_Disclosure>. If you have any > specific suggestions that we can use to enhance clarity or to make the page > more complete, please don't hesitate to share them, either here or directly > with me. Your feedback is instrumental in our commitment to maintain a safe > and secure online environment. > > Thanks, > > Ben > > -- > You received this message because you are subscribed to the Google Groups " > dev-security-policy@mozilla.org" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to dev-security-policy+unsubscr...@mozilla.org. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtabbqDu6N7yPnU9uL0RZQXPiMquHh-1FxTmPbQSeOj8T5w%40mail.gmail.com > <https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtabbqDu6N7yPnU9uL0RZQXPiMquHh-1FxTmPbQSeOj8T5w%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "dev-security-policy@mozilla.org" group. To unsubscribe from this group and stop receiving emails from it, send an email to dev-security-policy+unsubscr...@mozilla.org. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CA%2B1gtabhgCGjyeX_OtC9iT177XihXpCLHXgQvNgyrGh0rLCMMA%40mail.gmail.com.
