Bugzilla #1972158 Certificate Problem Report

Sectigo: Lack of documentation for vulnerability NVD rating adjustment

RESOLVED FIXED Sectigo
AI Summary

Sectigo reported an incident regarding the lack of documentation for the adjustment of NVD ratings for two vulnerabilities discovered during their annual WebTrust audit. The issue stemmed from a single person being responsible for vulnerability management, leading to inadequate documentation of the decision-making process. Following the incident, Sectigo has increased personnel responsible for vulnerability management and established a weekly review call to ensure proper oversight. The case has been resolved with all action items completed.

Model: gpt-4o-mini · Generated: 2026-06-13 20:56 UTC · Confidence: 0.90
Chronology
  1. Vulnerability #1 is first discovered.
  2. Non-compliance identified date.
  3. Report Closure Summary posted.
Participants
Martijn Katerbarg
Similar Local Cases
#1793787 RESOLVED Certificate Problem Report Opened 2022-10-05 · Closed 2023-02-22 · 59% similar
Sectigo: Non-existent hostname in CDP and AIA URLs
#1912225 RESOLVED Certificate Problem Report Opened 2024-08-08 · Closed 2024-09-26 · 58% similar
Sectigo: HTML encoded characters in subject attribute values
#1946927 RESOLVED Certificate Problem Report Opened 2025-02-08 · Closed 2025-05-16 · 58% similar
Sectigo: Intermittent OCSP unauthorized responses for certificates older than 15 minutes
#1977253 RESOLVED Certificate Problem Report Opened 2025-07-14 · Closed 2025-09-15 · 58% similar
Sectigo: OV reuse data applied for wrong organization
#2019995 RESOLVED Certificate Problem Report Opened 2026-02-27 · Closed 2026-04-08 · 58% similar
Sectigo: Package patching gap within Certificate Systems
#1891039 RESOLVED Certificate Problem Report Opened 2024-04-11 · Closed 2024-05-05 · 57% similar
Sectigo: Premature disabling of CRL generation for an inactive CA
#1945197 RESOLVED Certificate Problem Report Opened 2025-01-31 · Closed 2025-02-28 · 57% similar
Sectigo: Late receipt and disclosure to CCADB of ETSI audit letters
#1991196 RESOLVED Certificate Problem Report Opened 2025-09-26 · Closed 2025-12-01 · 57% similar
Sectigo: OCSP, caIssuers, and CRL endpoints unavailable for a single Subordinate CA
