==Certificate hacking==
On 23 March 2011, Comodo posted a report that 8 days earlier, on 15 March 2011, a user account with an affiliate registration authority had been compromised and was used to create a new user account that issued nine certificate signing requests. Nine certificates for seven domains were issued. Though the firm initially reported that the breach was the result of a "state-driven attack", it subsequently stated that the origin of the attack may be the "result of an attacker attempting to lay a false trail." The talk by Moxie at Def Con suggested the attacker may have been inexperienced and following online tutorials for man-in-the-middle attacks.

In an update on 31 March 2011, Comodo stated that it detected and thwarted an intrusion into a reseller user account on 26 March 2011. The new controls implemented by Comodo following the incident on 15 March 2011 removed any risk of the fraudulent issue of certificates. Comodo believed the attack was from the same perpetrator as the incident on 15 March 2011. With regard to this second incident, Comodo stated, "Our CA infrastructure was not compromised. Our keys in our HSMs were not compromised. No certificates have been fraudulently issued. The attempt to fraudulently access the certificate ordering platform to issue a certificate failed."

On 26 March 2011, a person under the username "ComodoHacker" verified that they were the attacker by posting the private keys online, and posted a series of messages detailing how poor Comodo's security was and bragging about their abilities. There were at least 4 hacks on Comodo and its certificate reseller that year. As of 2016, all of the certificates remain revoked.
==Certificates issued to known malware distributors==
In 2009 Microsoft MVP Michael Burgess accused Comodo of issuing digital certificates to known malware distributors. Comodo responded when notified and revoked the certificates in question, which were used to sign the known malware.
==Let's Encrypt trademark registration application==
In October 2015, Comodo applied for "Let's Encrypt", "Comodo Let's Encrypt", and "Let's Encrypt with Comodo" trademarks. These trademark applications were filed almost a year after the Internet Security Research Group, parent organization of Let's Encrypt, started using the name Let's Encrypt publicly in November 2014, and despite the fact that Comodo's "intent to use" trademark filings acknowledge that it has never used "Let's Encrypt" as a brand.

On 24 June 2016, Comodo publicly posted in its forum that it had filed for "express abandonment" of its trademark applications. Comodo's Chief Technical Officer Robin Alden said, "Comodo has filed for express abandonment of the trademark applications at this time instead of waiting and allowing them to lapse. Following collaboration between Let's Encrypt and Comodo, the trademark issue is now resolved and behind us, and we'd like to thank the Let's Encrypt team for helping to bring it to a resolution."

==See also==