Thank you for your comments.
Let us provide our answers as bellow.
Please explain why the 20 days since the first discovery until the incident report?
Further, considering that one of the first incident reports  appeared on March 1, 2019, why it took 7 days until >SECOM became aware of the issue.
We apologize very much for delay to post our incident report.
From now on, we will make sure to post the first report as quick as we can.
The reasons for the delayed posting of the incident report are as follows.
- We carried out check for the overall of our CA systems.
- As a result, some CAs did not correspond to the serial number problem, but several problematic CAs were found.
- In addition to migrate of CA products, CAs which had problem was found to affect our related systems (for example, web service systems which are sub-systems of issuing certificates) and customer side systems (for example, systems which link and capture after issuance of certificates), thus it took time to analyze for resolution.
It is unclear if this is proposing that the EJBCA configuration will not be changed until the end of April. This is a >significant and substantial delay, considering that other CAs have been able to change the configuration within hours, >or prompting stopped all issuance until they could.
Is this a correct understanding of the proposed timeline? If so, please explain what makes SECOM unique among all CAs >reporting this and why so significant a delay. If this is not a correct understanding, please provide further >explanation.
In addition to migrate of CA products, other related systems (such as our related systems and customer side systems as described in #1 above) are also involved, thus it takes time to analyze the impact on many of our customers and resolve and also make verification.
Although we planned to resolve this issue once by the end of April, we are now heavily aware of the situation and will make arrangements with our customers on an intermittent basis.
Some CAs aim to complete in a shorter period of time, such as the target by at least 4/9/2019.
As noted in the question, please provide a meaningful explanation about why issuance has not stopped, if the matter >has not been resolved.
As described in # 2, in order to made arrangements with our customers, we have prioritized and responded to the early prospects of migrating the CA systems and related systems.
We would like to ask for your understanding, as the impact on customers is so great.
We will make our best efforts to resolve this situation as soon as possible.
Thank you for your consideration.