The author analyzed unexpired certificates logged in Certificate Transparency (CT) logs to identify trends among compromised certificates. They grouped the compromised certificates by issuer and compared the compromise rates of different Certificate Authorities (CAs). Unsurprisingly, CAs that issued a higher volume of certificates generally had a higher number of compromised certificates. However, the author noted that CAs that relied primarily on automation or on fully managed TLS providers had lower compromise rates. The analysis also highlighted the role humans play in certificate compromise and emphasized the importance of minimizing human involvement in key handling.
https://www.hezmatt.org/~mpalmer/blog/2024/01/30/why-certificate-automation-matters.html