CA/Vulnerability Disclosure: Difference between revisions

Line 86: Line 86:
Additional guidance can also be found in various publications from [https://www.enisa.europa.eu/publications/article19-incident-reporting-framework ENISA], [https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8286D.pdf NIST], [https://www.cyber.gc.ca/en/guidance/introduction-cyber-threat-environment the Canadian Centre for Cybersecurity], and [https://academic.oup.com/cybersecurity/article/9/1/tyad009/7160387 academia].
Additional guidance can also be found in various publications from [https://www.enisa.europa.eu/publications/article19-incident-reporting-framework ENISA], [https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8286D.pdf NIST], [https://www.cyber.gc.ca/en/guidance/introduction-cyber-threat-environment the Canadian Centre for Cybersecurity], and [https://academic.oup.com/cybersecurity/article/9/1/tyad009/7160387 academia].


=== Reportable Vulnerability Disclosure Contents ===
=== Reportable Vulnerability/Incident Disclosure Contents ===


Reportable Vulnerability disclosures must be comprehensive, accurate, transparent, and provide sufficient information to assist Mozilla in determining whether Mozilla needs to take action, such as adding certificates to OneCRL, and whether the CA Operator appropriately determined the severity and the response. Below is a list of essential information that a vulnerability disclosure should contain.
Reportable Vulnerability disclosures must be comprehensive, accurate, transparent, and provide sufficient information to assist Mozilla in determining whether Mozilla needs to take action, such as adding certificates to OneCRL, and whether the CA Operator appropriately determined the severity and the response. Below is a list of essential information that a vulnerability disclosure should contain.
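Review bot: The renamed heading now reads "Reportable Vulnerability/Incident Disclosure Contents", but the unchanged paragraph under it still opens with "Reportable Vulnerability disclosures" and closes with "a vulnerability disclosure should contain", so the section title and its body disagree about scope. Either extend the paragraph to name incident disclosures as well, or keep the original heading if the list that follows applies only to vulnerabilities.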