← Chunghwa Telecom cases
Bugzilla #2009046
CCADB Compliance
Chunghwa Telecom: Delayed disclosure to Bug 2008799 GTLSCA Audit Incident Report #3 - Missing vulnerability scan
RESOLVED
FIXED
Chunghwa Telecom
AI Summary
Chunghwa Telecom experienced a delayed disclosure incident related to an audit finding from the GTLSCA annual audit. The finding, which involved a missing vulnerability scan, was not disclosed within the required 72-hour timeframe as mandated by CCADB Policy 5.2. This oversight was identified after a third-party notification prompted the CA to recognize the need for corrective disclosure. The CA has since implemented measures to prevent future occurrences, including mandatory training on CCADB policies and the establishment of an Audit Finding Monitoring Dashboard.
Chronology
- Start of non-compliance due to missed disclosure window
- Non-compliance identified
- Non-compliance ended
- Report closure requested
Participants
Tsung-Min Kuo
External References
Similar Local Cases
Chunghwa Telecom: Delayed disclosure to Bug 2008782 GTLSCA Audit Incident Report #1 - mass certificate revocation plan
Chunghwa Telecom: Delayed audit disclosure for GTLSCA
Chunghwa Telecom: Failure to Submit Annual CCADB Self-Assessment 2023 by GTLSCA.
Chunghwa Telecom: Delayed Annual Audit Report 2024
Chunghwa Telecom: Delayed to Submit Annual CCADB Self-Assessment 2024 by GTLSCA.
ANF AC: Delayed Disclosure of Updated Policy Documents in CCADB
Telia: Delayed submission of preliminary audit incident report
IdenTrust: Delay in updating a Bug 2016585 - Action item