Unfortunately, recent press reports suggest the incorrect conclusion that Chronicle reported nearly 2000 such certificates for Comodo / Sectigo. Since this story ran, we have investigated all of the certificates attributed to Comodo / Sectigo. More than 90% of these were expired, previously revoked, or duplicate reports. The breakdown is:
Previously revoked: 126
In process: 25
Active (now revoked): 127
Duplicate: These reported certificates match others that already have been logged in a different category. This duplication may owe itself to multiple uses of the same certificate or multiple reports of the same malware application.
Expired: These certificates had already expired as of this investigation.
Previously revoked: These certificates had already been revoked by Sectigo prior to this investigation. Certificates may potentially have been revoked for reported abuse or at the request of the customer.
In process: These reported certificates did not match our records of Code Signing certificates from Comodo / Sectigo during our investigation. We are continuing to investigate these certificates.
Active (now revoked): These certificates were active as of the investigation and are now revoked. As a matter of policy Sectigo revokes certificates used for malware and does not issue certificates to known abusers.