Noticed a banner on Let's Encrypt's home page today pointing to this:
It may be that they just want to forget about 2017.
Pesky baseline requirements
Well, honestly I don't think 2017's list of incidents looks all that severe, especially when looking at the number of certs affected, especially compared to things like TLS-SNI-01 being broken in practice in 2018, or 2020's CAA Rechecking Bug. I just wanted to say something snarky I guess.
Really Let's Encrypt's incident response (and philosophy of "no exceptions" all issuance goes through the regular API) sets the standard for the rest of the industry, and their level of incidents is really amazingly low, especially considering the percentage of Internet certificates they handle.
Congratulations, ISRG, on 10 years of making the Internet a much better place!