- General Questions
- Why is the CERT/CC moving to a more collaborative vulnerability coordination process?
- Why should I make a VINCE account?
- What is the service-level agreement (SLA) between the CERT/CC and VINCE users?
- What type of case does the CERT/CC usually coordinate?
- What happened to PGP email?
- Can I still send email to the CERT/CC?
- Who sees my private messages with the CERT/CC?
- Who sees the posts in the case discussion?
- Can I private message a VINCE user other than the CERT/CC?
- Who are the Coordinators? Can there be more than one?
- What time zone does VINCE use?
- How do I use the API?
- For Vendors
- Should I sign up as an individual or an organization?
- How do I become associated with a vendor?
- How do I manage my vendor group?
- How can I give VINCE access to someone else in my organization?
- Can I control which cases specific people in my organization have access to?
- What actions happen if a VINCE user's email address is associated with a permanent bounce?
- What should I do if a reporter is not responding or participating in the discussion on VINCE?
- How do I add my vulnerability status and submit an official statement?
- Who sees my status and statement?
- How do I change my vulnerability status or official statement?
- How long do statement updates take to be reflected on a published vulnerability note?
- What does "public" mean for my contact information?
- How do I update my public contact information?
- My organization is affiliated with "Vendor X". How can I be sure that I receive all of the notifications that "Vendor X" receives?
- What status should I select if my product is end-of-life, end-of-support, or generally no longer supported?
- For Reporters
- Can I participate anonymously?
- Will the vendor know who I am?
- What happens to reports submitted anonymously (i.e., without being linked to a VINCE account)?
- What should I do if a vendor is not responding?
- What do the various case statuses mean?
- How can I add information to my submitted vulnerability report?
- How do I ask the CERT/CC to reconsider a closed case?
- Will the CERT/CC give me a CVE ID?
- Can I add another reporter to a current case?
- Who else can see my report?