Certificate Authorities can face incidents like misissuance or non-issuance, with misissuances often caused by human error or software bugs.
Baselining Requirements set by the CA/B forum provide rules for dealing with certificate misissuances, including the timeline for revocation.
Entrust's recent incident highlights a misissuance dilemma, where they continued misissuing certificates and refused to follow the proper revocation process, impacting thousands of Extended Validation certificates.