Date: Thu, 28 Mar 2024 10:34:53 -0400 (EDT) Message-ID: <134036786.485.1711636493491@windcrest.sei.cmu.edu> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_484_368785981.1711636493489" ------=_Part_484_368785981.1711636493489 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
Sometimes one of the parties involved in a CVD effort will stop = responding. Often, this is simply a reflection of priorities and attention = shifting elsewhere rather than intentional behavior. It's usually best to g= ive the benefit of the doubt and keep trying to reestablish contact if one = of the CVD participants goes unresponsive. Even in cases where the vendor h= as stopped responding in the midst of a coordination effort, the CERT/CC re= commends that reporters send the vendor a "heads up" message with some lead= time before publishing, optionally including a draft of the document about= to be published. This helps the vendor prepare its communication plan if n= ecessary, and sometimes helps to identify any lingering misunderstandings o= n the technical aspects of the vulnerability. Ammar Askar's blog post about= a Minecraft vulnerability serves as an example where a quick heads up to t= he vendor could have avoided some confusion [1].