← e-commerce monitoring GmbH cases
Bugzilla #1893546
CCADB Compliance
e-commerce monitoring gmbh: failure to follow incident report requirements
RESOLVED
WONTFIX
e-commerce monitoring GmbH
AI Summary
e-commerce monitoring GmbH (GLOBALTRUST) has been found to repeatedly fail in adhering to Mozilla's incident reporting requirements, including delayed responses and insufficient incident reports. The CA has acknowledged these shortcomings and is currently restructuring its processes to improve compliance. As of June 30, 2024, GLOBALTRUST will be removed from browser root programs due to these issues, although certificates issued prior to this date will remain valid. The CA has ceased the issuance of TLS certificates until full compliance is achieved.
Chronology
- Incident report filed regarding failure to meet reporting requirements.
- Announcement of removal from browser root programs effective June 30, 2024.
Participants
Andrew Ayer
Daniel Zens
Amir Aamidi
R. Daurne
External References
Similar Local Cases
Google Trust Services: Failure to provide regular and timely incident updates
Netlock: Failure to Provide Weekly Updates
NETLOCK: Full Incident Report was not published within 14 days of notification
DigiCert: Persistent failure to answer questions in a timely manner
Sectigo: Inadequate vulnerability scanning and patching
Sectigo / Web.com: inconsistent disclosure of externally-operated intermediate
Certum root lists a Microsec CPS in AllCertificateRecordsCSVFormatv2
IdenTrust: Inaccurate CRL Details in CCADB