← CABF Ballot Browser
SC-309v3
passed
Ballot SC309v3: Definition of Critical Vulnerability
Server Certificate Working Group
Key dates
- Voting opened
- 02 Feb 2020 6 years ago
- Voting closed
- 09 Feb 2020 6 years ago
Resources
GitHub diff
https://github.com/cabforum/servercert/compare/2b7720f...neildunbar:61fd381?diff=split
https://github.com/cabforum/servercert/compare/2b7720f…neildunbar:61fd381?diff=split
AI Summary
Ballot overview
- Ballot SC309v3, Definition of Critical Vulnerability, is a Server Certificate Working Group ballot.
- The ballot page states that the voting period has concluded and the ballot has passed.
- It proposes one Final Maintenance Guideline.
Voting and quorum
- Certificate Issuers: 22 votes total, 23 yes votes listed, 0 no votes, 0 abstentions.
- Certificate Consumers: 5 votes total, 5 yes votes, 0 no votes, 0 abstentions.
- The ballot page states that the bylaw requirements were met for both Certificate Issuers and Certificate Consumers.
- The quorum requirement was also met.
Proposed change
- The ballot modifies the Network and Certificate System Security Requirements based on Version 1.5.
- In the Definitions section, it removes the existing definition of Critical Vulnerability.
- It inserts a new definition that limits the CVSS threshold to CVSS v2.0 score 7.0 or higher according to the NVD or an equivalent rating, or as otherwise designated by the CA or the CA/Browser Forum.
Timing
- The approval procedure is listed as Vote for approval for 7 days.
- Start Time: 2020-02-02 1700 UTC
- End Time: 2020-02-09 1700 UTC
- Voting opened
- 2020-02-02
- Voting closed
- 2020-02-09
AI-generated from the CABF ballot page. The official CABF article remains the authoritative source.
Excerpt
SearchHome » All CA/Browser Forum Posts » Ballot SC309v3: Definition of Critical VulnerabilityBallot SC309v3: Definition of Critical VulnerabilityThe voting period for Ballot SC39v3 has concluded and the Ballot has Passed.
View on cabforum.org →
Last fetched 16 hours ago