← Deutsche Telekom Security GmbH cases
Bugzilla #1976860
Audit Related
Telekom Security: Failure to file a bug for two findings from the 2024 Audit
RESOLVED
FIXED
Deutsche Telekom Security GmbH
AI Summary
Telekom Security failed to file a bug regarding two findings from the 2024 ETSI audit, which were resolved during the audit but not disclosed in Bugzilla. The findings pertained to insufficient documentation of role management processes and subcontractor agreements. The oversight was attributed to a misinterpretation of the audit findings and inadequate quality assurance in reviewing audit attestations. Following the incident, Telekom Security has completed all action items to improve their audit and incident management processes.
Chronology
- Auditor identifies findings during the audit.
- Root Store requests clarification on the lack of bug filing.
- Telekom Security discloses preliminary bug.
- All action items completed.
- Request for closure of the bug.
Participants
Stefan Kirch
External References
Similar Local Cases
Chunghwa Telecom: Findings in 2025 WebTrust Audit - GTLSCA Audit Incident Report #1 - mass certificate revocation plan
Certigna: Finding #2 ETSI Audit - Risks regarding the certification of device not described
Buypass: Findings in 2025 ETSI Audit - Audit Incident Report #1 - Compliance auditing on support processes
QuoVadis: Findings in 2024 ETSI Audit of QuoVadis Qualified Web ICA G2
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #3 – Internal Audit
PKIoverheid: TSP KPN Findings in 2025 ETSI Audit - Incident Report #5 – CMDB
PKIoverheid: TSP CIBG Findings in 2025 ETSI Audit - Incident Report #3 – Asset Management
PKIoverheid: TSP CIBG Findings in 2025 ETSI Audit - Incident Report #5 – Risk Management