← SwissSign AG cases
Bugzilla #1990282
CCADB Compliance
SwissSign: recommendation on linting software updates
RESOLVED
FIXED
SwissSign AG
AI Summary
The audit report for SwissSign recommended improvements to their process for updating linting software, emphasizing that updates should occur within three months of a linter release. SwissSign relied on an external PKI vendor for these updates and did not have an internal monitoring process in place, which is a 'SHOULD' requirement according to CA/B Forum TLS BR section 6.6.1. Following the audit, SwissSign has implemented a monitoring process and established an escalation procedure with the vendor to ensure compliance. All related action items have been completed, and the monitoring process is now integrated into their operational controls.
Chronology
- Audit report containing recommendations published
- Monitoring process for linter updates established
Participants
Sandy Balzer
Chrome Root Program
Dimitris Zacharopoulos
Roman Fischer
Stephan Verbücheln
External References
Similar Local Cases
SwissSign: recommendation on log review process
SwissSign: recommendation on review of key pair generation implementation
SwissSign: recommendation on BIA/BCP test coverage
SwissSign: recommendation on firewall review
SwissSign: recommendation on publication process for CA related data
SwissSign: Audit Letter Validation failures on intermediate certificates
Chunghwa Telecom: Delayed Annual Audit Report 2024
NETLOCK: Full Incident Report was not published within 14 days of notification