At least a couple weeks until application period concludes.
ICANN’s online system for new top level domain applications is likely more than a week away from opening up again. If that’s the case, that means we’re at least a couple weeks away from the application period concluding.
In an update posted this evening, ICANN said applicants that had data potentially exposed by the bug will be notified within the next seven business days. They will also be told who may have seen the data. Although I suppose the notifications could be concluded sooner, history tells us to err on the side of this not happening.
After everyone has been notified, ICANN will then release a schedule for opening and completing the application round.
The non-profit has already said TAS will be open for at least five days. So I figure we’re looking at two or more weeks before the application period finally closes.
As an interesting aside, the latest communication doesn’t say whether it will tell applicants that may have been able to view data if they will also be informed of this disclosure. I think this would be fair, given that their information is being provided to another party. This disclosure of the identity of who could view data creates an interesting scenario. Presumably ICANN will tell applicants the name of the entity that was able to see the data. What if the name of the applicant is something like Rugby.com, Inc, thus giving away the name of their string?