SECOM: Failure to disclose Unconstrained Intermediate within 7 Days

SECOM Trust Systems CO., LTD. failed to disclose an unconstrained intermediate certificate within the required 7-day period, violating Mozilla's policy. The issue was identified through a Bugzilla report, leading to an investigation that revealed the intermediate certificate did not meet the necessary technical constraints. SECOM acknowledged the oversight, revoked the problematic certificates, and committed to improving their processes to prevent future occurrences. An incident report was submitted detailing the timeline of events and corrective actions taken.

1. 2019-07-04 Bugzilla report received, issue identified.
2. 2019-07-10 SECOM stopped issuing certificates from the problematic intermediate CAs.
3. 2019-07-23 SECOM revoked the two intermediate CA certificates.
4. 2019-08-14 SECOM proposed a revised workflow to prevent future issues.