cabforum / netsec

Repository for the CA/Browser Forum Network Security Chartered Working Group

Clarify the 96-hour vulnerability remediation process #8

Open BenWilson-Mozilla opened 2 years ago

BenWilson-Mozilla commented 2 years ago

Occasionally, the NetSec group has received comments that the 96-hour process for remediation of critical vulnerabilities in section 4.f. needs to be clarified.

clintwilson commented 2 years ago
  1. Align with more common frameworks/timelines for vuln remediation
  2. Add requirements for non-critical vulns
  3. Ensure clarity of requirement
  4. Align scope (ideally through a scoping of the entire NCSSRs)