On April 6, Apple submitted an update to the original incident report (https://bugzilla.mozilla.org/show_bug.cgi?id=1533655), which is reposted below. ____________________________________________________________
Over 10,000 additional certificates have been revoked since our last update. In a previous update, we committed to doing the following: “Subsequent to suppressing the serial number check alert, and prior to identifying the current issue, a process was implemented to provide more oversight for changes to alerts. This enhanced process may have been sufficient to prevent the incorrect suppression of the serial number alert, but the process will be reviewed again to identify if further enhancements are required. This will be completed by March 31, 2019.” This review was completed. As a result, additional approval is required before alerts are modified and alerts will be tested on a quarterly basis to ensure they continue to function as intended. We expect to provide the next update soon after the April 30 milestone, on or about May 3 _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy