The View Original Report link on the left center section can be used to view the original vulnerability report that was used to create the case.
For any case, a Vendor Statement can be provided:
Vendor status approval
Once submitted, the CERT/CC will review the vendor status information before it is added to any case.
For any case that you are involved in, you can view and add to the discussion regarding it. The parties on the right side of the screen will all see the discussion and future parties added to the case will see past discussion. In the example below, the parties involved in the discussion include the CERT/CC (the coordinator), Madison Oliver (the reporter), and XYZ Company (the vendor).
Private Message CERT/CC
Pressing this button will give you a page where you can send a direct message to the CERT/CC.
View Draft Vulnerability Note
The View the draft vulnerability note link on the right center section can be used to preview what the vulnerability note will look like when it is published.
My Contact Info
VINCE My Contact Info is where you can edit details about your contact information.
Edit Contact Info
Press Edit My Contact Info to enter or modify contact information for your account.
Here a user can edit the following pieces of information for their account:
VINCE User Management can be used to manage the members of a vendor's contact list. If your account has not been determined to be the group administrator for the vendor you are associated with, you will not be able to perform any actions here. If you are the individual who should have administrative access over the vendor's user management, click the contact CERT/CC link to send a message to request this access.
Administrative User Management
If your administrator access level has been approved, you will see a screen similar to this:
By clicking the Invite User button, a group administrator can invite new users to use VINCE as part of the vendor that is being managed, which is XYZ Company in this case.
My Vulnerability Reports
For most vendors using VINCE, the My Vulnerability Reports part of VINCE will not be used. This part of VINCE is used for vulnerabilities reported using your VINCE account. In other words, if you haven't reported a vulnerability using VINCE, then you should expect this part of VINCE to look like this:
Report a Vulnerability
If you have a vulnerability to report to the CERT/CC, you can use the Report a Vulnerability link.