All,
To achieve better incident tracking and to improve incident prevention and remediation over time, we are proposing additional whiteboard tags (which are added after [ca-compliance]) for incidents reported in Bugzilla. The current list of whiteboard tags is here https://wiki.mozilla.org/CA/Bug_Triage#Compliance_Problems_and_Incidents. The list includes [delayed-revocation-ca] and [delayed-revocation-leaf], and these would be changed to [ca-revocation-delay] and [leaf-revocation-delay], respectively. Other existing tags would remain.
Additional whiteboard tags would be:
| Whiteboard tag | Description |
|---|---|
| [ca-misissuance] | mis-issuance of a CA certificate |
| [dv-misissuance] | mis-issuance of a DV certificate |
| [ov-misissuance] | mis-issuance of an OV certificate |
| [ev-misissuance] | mis-issuance of an EV certificate |
| [crl-failure] | failure to provide certificate status via CRL; malformed, expired CRL |
| [ocsp-failure] | failure to provide certificate status via OCSP; malformed, expired OCSP |
| [policy-failure] | failure to update CP/CPS annually, failure to comply with practice in CP/CPS, misunderstanding requirements, failed implementation |
| [disclosure-failure] | failure to disclose an ICA, failure to report revocation of an ICA, non-disclosure-of-EV-sources, miscommunication, poor communication, etc. |
| [uncategorized] or just “[ca-compliance]” | anything not listed above |

When we discover a major theme that does not fit into one of the existing categories, then we can add a new tag to the list and change the whiteboard entry for the incident to include [new-tag].
Please provide your comments and suggestions.
Thanks,
Ben