← Sectigo cases
Bugzilla #1563579
Certificate Problem Report
Sectigo: Failure to provide timely incident reports
RESOLVED
FIXED
Sectigo
AI Summary
Sectigo has faced significant challenges in providing timely incident reports, raising concerns about its operational transparency and compliance with Mozilla's incident response policies. The issue was first raised in July 2019, highlighting a pattern of delayed responses to multiple incident reports. Despite commitments to improve communication and incident handling, the company has struggled to meet expectations, leading to ongoing scrutiny from the community. The case emphasizes the need for Sectigo to enhance its processes and ensure timely updates to maintain trust.
Chronology
- Bug opened due to Sectigo's delayed incident responses.
- Sectigo commits to weekly updates on incident reports.
- Concerns raised about continued delays in incident reporting.
- Sectigo acknowledges failures in timely reporting.
- Bug scheduled for closure after ongoing discussions.
Participants
Ryan Sleevi
Robin Alden
Rob Stradling
Tim Callan
External References
Similar Local Cases
Sectigo: Failure to provide a preliminary report within 24 hours.
Sectigo: Lack of input validation in stateOrProvinceName
Sectigo: DCV Reuse after 825 days
Sectigo: OCSP responses directly signed using root certificates without KU=digitalSignature
Sectigo: Failure to provide a preliminary report within 24 hours
Sectigo: Failure to revoke key-compromised certificates
Sectigo: Failure to block disallowed LDH labels in domain names
Sectigo: CPR response issues