Sometimes one of the parties involved in a CVD effort will stop responding. Often, this is simply a reflection of priorities and attention shifting elsewhere rather than intentional behavior. It's usually best to give the benefit of the doubt and keep trying to reestablish contact if one of the CVD participants goes unresponsive. Even in cases where the vendor has stopped responding in the midst of a coordination effort, the CERT/CC recommends that reporters send the vendor a "heads up" message with some lead time before publishing, optionally including a draft of the document about to be published. This helps the vendor prepare its communication plan if necessary, and sometimes helps to identify any lingering misunderstandings on the technical aspects of the vulnerability. Ammar Askar's blog post about a Minecraft vulnerability serves as an example where a quick heads up to the vendor could have avoided some confusion [1].
References
- A. Askar, "Minecraft Vulnerability Advisory," 16 April 2015. [Online]. Available: http://blog.ammaraskar.com/minecraft-vulnerability-advisory/. [Accessed 23 May 2017].