Certificateless public-key cryptography solves the certificate management problem in traditional public-key cryptography, and solves the key-escrow problem in identity-based publickey cryptography. There are numerous certificateless signature schemes [1–۸]. designed for different applications. To avoid bilinear pairing operations, Islam and Biswas [9] recently proposed a pairing-free certificateless digital signature scheme using elliptic curve cryptography (ECC). They also proved that their scheme was secure “against adaptive chosen-message and identity attacks” in the random oracle model. In this paper, I analyze the security of Islam et al.’s scheme and demonstrate that it is not secure even though it is proven secure against “adaptive chosen-message and identity attacks”. Furthermore, I comment on general security issues that should be considered when making improvements on their scheme. The security of other similar schemes can be checked using the same techniques, I employed in our study. The remainder of this paper is organized as follows. In Section 2, we discuss the security problem in Islam et al.’s [9] scheme. Section 3 presents the security heal. Finally, Section 4 concludes the paper.