Comment 146 for bug 232340

Eddy, thanks for your reply. I have at least one other question, as noted below.

(In reply to comment #14)
> A third party audit was performed by the "We! Consulting Group", which is a
> respected solution and consulting provider in Israel, with great expertise
> in Public Key Infrastructure solutions and renowned costumers. The audit
> performed was based on the AICPA/CICA Webtrust for Certification Authorities
> Criteria and confirmed as such. However the We! Consulting Group is not a
> licensed WebTrust provider.

Could you point us to relevant public documentation in English demonstrating We! Consulting's expertise in information security audits and evaluations and CA and PKI issues in particular? Their web site <http://www.we-can.co.il/> is in Hebrew, and I can't find an English version; also Google was not helpful in terms of turning up third-party references to We! Consulting (e.g., news stories, case studies, etc.).

Given that We! Consulting is not an authorized WebTrust auditor we need something else to give us confidence that they're competent to perform an audit against the WebTrust criteria (or similar criteria, for that matter).