My understanding is the issue with WoSign and discovery of their purchase of StartCom (which violated trusted CA process by not informing anyone that they were sold) was originally done by Mozilla, which was also the first to act to remove them from trust stores.
https://blog.mozilla.org/security/2016/10/24/distrusting-new...