Log in
VulWiki
  • Spaces
  • Hit enter to search
  • Help
    • Online Help
    • Keyboard Shortcuts
    • Feed Builder
    • What’s new
    • Available Gadgets
    • About Confluence
  • Log in

VINCE
VINCE
  • Pages

Space shortcuts

  • VINCE
  • CERT Vulnerability Analysis
  • CERT Guide to CVD
  • Tools

Page tree

Browse pages
    • Attachments (0)
    • Page History
    • Page Information
    • Resolved comments
    • View in Hierarchy
    • View Source
    • Export to PDF
    • Export to Word
  1. Pages
  2. VINCE Documentation
  • Jira links

Frequently Asked Questions

  • Created by user-8b192, last modified by Eric Hatleback on 2020-05-06

  • General Questions

    • Why is the CERT/CC moving to a more collaborative vulnerability coordination process?
    • Why should I make a VINCE account?
    • What is the service-level agreement (SLA) between the CERT/CC and VINCE users?
    • What type of case does the CERT/CC usually coordinate?
    • What happened to PGP email?
    • Can I still send email to the CERT/CC?
    • Who sees my private messages with the CERT/CC?
    • Who sees the posts in the case discussion?
    • Can I private message a VINCE user other than the CERT/CC?
    • Who are the Coordinators? Can there be more than one?
    • What time zone does VINCE use?
    • How do I use the API?

  • For Vendors

    • Should I sign up as an individual or an organization?
    • How do I become associated with a vendor?
    • How do I manage my vendor group?
    • How can I give VINCE access to someone else in my organization?
    • Can I control which cases specific people in my organization have access to?
    • What actions happen if a VINCE user's email address is associated with a permanent bounce?
    • What should I do if a reporter is not responding or participating in the discussion on VINCE?
    • How do I add my vulnerability status and submit an official statement?
    • Who sees my status and statement?
    • How do I change my vulnerability status or official statement?
    • How long do statement updates take to be reflected on a published vulnerability note?
    • What does "public" mean for my contact information?
    • How do I update my public contact information?
    • My organization is affiliated with "Vendor X". How can I be sure that I receive all of the notifications that "Vendor X" receives?
    • What status should I select if my product is end-of-life, end-of-support, or generally no longer supported?

  • For Reporters

    • Can I participate anonymously?
    • Will the vendor know who I am?
    • What happens to reports submitted anonymously (i.e., without being linked to a VINCE account)?
    • What should I do if a vendor is not responding?
    • What do the various case statuses mean?
    • How can I add information to my submitted vulnerability report?
    • How do I ask the CERT/CC to reconsider a closed case?
    • Will the CERT/CC give me a CVE ID?
    • Can I add another reporter to a current case?
    • Who else can see my report?

  • faq
Overview
Content Tools
  • Powered by Atlassian Confluence 8.5.4
  • Printed by Atlassian Confluence 8.5.4
  • Report a bug
  • Atlassian News
Atlassian

Carnegie Mellon University
Software Engineering Institute
4500 Fifth Avenue
Pittsburgh, PA 15213-2612
412-268-5800

Contact Us
  • Office Locations|
  • Additional Sites Directory|
  • Legal|
  • Privacy Notice|
  • CMU Ethics Hotline|
  • www.sei.cmu.edu

® CERT and CERT Coordination Center are registered in the U.S. Patent and Trademark Office by Carnegie Mellon University.

© 2023 Carnegie Mellon University

{"serverDuration": 75, "requestCorrelationId": "50a4be97c9e6b9ee"}