We’re making updates to the way we differentiate DNS incidents that involve security incidents and other types of DNS findings.
DNS incidents are recorded as part of the Security Incidents risk vector. Currently, we discover issues with DNS records in two ways:
- When news articles are published about high-profile incidents.
- When a customer brings to our attention that one of their own DNS records is stale and agrees to allow us to record it as such.
Until recently, these were all recorded as DNS Incidents. Due to a recent decision by the Ratings Policy Review Board we now distinguish between the two.
- A DNS incident is an actual security incident for which we have a related public disclosure.
- A DNS finding is a finding reported by a customer published in the Other Disclosures section of the risk vector.
Neither DNS incidents nor DNS findings currently impact the Security Incidents risk vector grade. Learn more about how DNS incidents and findings are recorded.
Feedback
0 comments
Please sign in to leave a comment.