by clifdweller
82 days ago
Apple is purposefully pretty vague about their security practices so people don't try to game them. They are transparent, though, in that they are pretty strict: 8000 dev account appeals and only 225 reinstatements in 2024. https://discussions.apple.com/thread/256187336?sortBy=rank
Since you fired someone, that would suggest you had something more than just a cert leak to a public GitHub. Did your appeal include an RCA covering what actions the employee did that you identified, then an action plan to prevent it in future? In banking security at least, and probably pretty similar, we would see a lot of scapegoating in submitted RCAs, which was frowned upon. It is a failure of process that allowed an employee to do something undetected, so identify the action and how it went undetected, and your action plan should cover both. Don't rush into spamming them until you are confident in your plan. How is the cert stored on the NAS / machine, what access controls are on that machine, and what is the data loss prevention strategy for your cert? What monitoring of cert usage do you have / are submissions to the App Store sent to an email all have access to, or to the company lead?