Hi Dessalegn, I think this would fall under an informational report, because: - it was caused by a bad configuration update, not a malicious actor - it affected less than 25% of a single RSO, so no material effect on the RSS While I think/hope that we will include a recommendation that RSSAC or the RSS GS consider creating guidance for information reporting, it's otherwise out of scope for the current document. Regards, Robert USC Information Sciences Institute <http://www.isi.edu/> Networking and Cybersecurity Division On Mon 2024-04-22 10:37:01+0300 Dessalegn wrote:
Here is a security incident report that supports our approach(covering indirect incidents), i.e., including security incidents related to critical infrastructure components upon which the RSS relies.
https://status.ripe.net/incidents/l3cz0rry823k
Dessalegn