WebPKI Observatory — Long Tail Risk

Seventy-six CAs hold full root store inclusion but collectively issue fewer than 7% of certificates, creating a risk-return imbalance where tail CAs carry equivalent trust privileges with minimal operational visibility. Low issuance volumes reduce public scrutiny and limit the statistical likelihood of external incident discovery, as shown by the 19% external researcher detection rate that concentrates on high-volume targets. These tail CAs represent latent systemic risk, enjoying universal browser trust while operating below the threshold of sustained oversight.
