← IdenTrust Services, LLC cases
Bugzilla #2025914
Policy Compliance
IdenTrust: Full Incident Report for bug 2014610 was not published within 14 days of discovering the issue
RESOLVED
FIXED
IdenTrust Services, LLC
AI Summary
IdenTrust failed to publish a Full Incident Report for Bug 2014610 within the required 14-day timeframe as stipulated by CCADB policy. The incident was identified on February 16, 2026, but the report was not posted until February 17, 2026, with public follow-up comments noting the violation on March 21, 2026. No customer impact was reported, and the issue was classified as a procedural non-compliance. IdenTrust has since standardized its incident disclosure process and implemented automated reminders to ensure timely reporting in the future.
Chronology
- Non-compliance start date identified
- Full Incident Report posted
- Public follow-up comments noted 14-day requirement violation
- Automated reminders for reporting milestones implemented
- Final call for comments on Incident Report
Participants
IdenTrust
External References
Similar Local Cases
IdenTrust: Full Incident Report for bug 2016585 was not published within 14 days of discovering the issue
IdenTrust: Full Incident Report for Bug 2014609 was not published within 14 days of discovering the issue
IdenTrust: Failure to disclose Unconstrained intermediate Within 7 Days
IdenTrust: basicConstraints not flagged "Critical" Per Certification Practices Statement
NETLOCK: did not file a preliminary incident report or respond to a third-party report within the 72-hour timeframe
Microsoft PKI Services: Failure to disclose Unconstrained Intermediate within 7 Days
Google Trust Services: Incomplete CRL Distribution Point URLs in CCADB for GTS Roots
Sectigo / SSL.com: Late disclosure of updated SSL.com CP/CPS to CCADB