...
Reporters who do not provide enough information to a vendor or coordinator may find their reports delayed or even rejected. Using CWE [2] or CAPEC [3] as a reference might be helpful to describe the type of vulnerability you have found and common ways to fix the problem.
An example of a template for a vulnerability report, based on the CERT/CC's own Vulnerability Reporting Form (VRF) [4], is provided in Appendix D. Vendors that require additional information to validate reports should clearly document their specific requirements in their vulnerability disclosure policy, reporting form, or process description.
References
1. K. Price, "Writing a bug report - Attack Scenario and Impact are key!" 2 August 2015. [Online]. Available: https://forum.bugcrowd.com/t/writing-a-bug-report-attack-scenario-and-impact-are-key/640. [Accessed 17 May 2017].
2. MITRE, "Common Weakness Enumeration (CWE)," [Online]. Available: https://cwe.mitre.org/. [Accessed 17 May 2017].
3. MITRE, "Common Attack Pattern Enumeration and Classification," [Online]. Available: https://capec.mitre.org/. [Accessed 17 May 2017].
4. CERT/CC, "Vulnerability Reporting Form," [Online]. Available: https://vulcoord.cert.org/VulReport/. [Accessed 17 May 2017].