(In reply to Ryan Sleevi from comment #3)
Jonathan: Why was an update/incident report never provided on this bug? Have you updated your processes and controls to make sure that timely incident reports and responses are provided? CFCA is definitely not the only CA with old bugs needing responses, so it's understandable and unfortunately common, but as part of this delay, it would be good to know how compliance and training is changing to ensure timely and complete incident reports.
I'm Oliver, In view of our personnel changes, Jonathan's incident report work is now fully inherited by me. The update/incident report has been reply by Jonathan, but we are apologize for reports and responses lately.
In order to make sure that timely incident reports and responses, we will put more attention on Bugzilla, also, we have updated our system with hard fail mechanism and this had been finished in February 27, 2019. As the same time, we did some work to learn the compliance and training changing. we will take more stringent measures to prevent future problems, such as we had add a second audit process.
Thanks again for you.