Is the following a valid risk & any CVSS rating assigned to it?:
Symantec SSL certificates are rated by Google & Mozilla as risky & recommends to deprecate them prematurely even before its expiry; URL:
Which other vendors' SSL certs would you recommend to replace Symantec's?
if we don't replace, what are the mitigating controls we can put in place?
Can it wait till Oct 2018 to remediate?