Versions Compared

Old Version 11

changes.mady.by.user Eric Hatleback

Saved on

compared with

New Version 22

changes.mady.by.user user-30e7f

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Excerpt

Table of Contents
true
maxLevel6
minLevel2
absoluteUrl
absoluteUrltrue

Should I sign up as an individual or an organization?

VINCE is designed so that accounts are tied to individual users, and users can be made members of groups, most commonly a vendor group. So if you're part of a security team like a PSIRT, sign up as an individual and request to be added to the appropriate vendor group(s). An existing administrator for a vendor group can add you to the group.

How do I become associated with a vendor?

Once you have created an individual VINCE account, ask us or a vendor group administrator. Users for whom we have existing trust (verified email address, possibly PGP key) are automatically associated with vendor groups. For users without existing trust, we perform a two-person validation process.

How do I manage my vendor group?

The first user added to a vendor group is granted the administrator role for that group. Our strong preference is that administrators manage further group membership. Multiple administrators are supported.

How can I give VINCE access to someone else in my organization?

Each organization has a designated group administrator account. This account permits invitation to the organization's group, which in turn allows access to the organization's cases. If a group administrator is not set for your organization, send the CERT/CC a private message with the email address of the desired group administrator, and we will validate the change. If you are the group administrator, you may invite someone from the User Management Page by adding the new user's email address. This email address must match the email associated with the user's VINCE account. Users associated with an organization automatically have access to all of the organization's cases.

Can I control which cases specific people in my organization have access to?

Not at this time.

My VINCE account has been associated with the proper vendor group, why can't I access my cases?

Log out and back in to VINCE.

What should I do if a reporter is not responding or participating in the discussion on VINCE?

If a reporter is not participating in the case, it is possible that the reporter chose not to create a VINCE account. The CERT/CC also may not have contact information for the reporter, so it is possible that the reporter will not be involved in the case. If an unresponsive reporter is listed among the VINCE participants in the case discussion, the CERT/CC may encourage the reporter to respond (perhaps by reaching out directly to the reporter).

How do I add my vulnerability status and submit an official statement?

Once the CERT/CC has identified and added the vulnerabilities to the case, we will request the status and statement from each impacted vendor. At that time, you will be able to add a status (affected/unaffected/unknown) and an official statement from the case discussion page.

...

Anyone participating in the case can see your status and statement before we publish the vulnerability note. Once the CERT/CC publishes the vulnerability note, the public will be able to view your status and statement.

...

How long do statement updates take to be reflected on a published vulnerability note?

The CERT/CC will receive a notification when you update your statement. Once the CERT/CC views and approves the update, the changes will be reflected immediately on the published vulnerability note.

...

Use the "My Contact Info" page to edit your public contact information. Click "Edit My Contact Info" in the top right and toggle the "Public" switch to "Yes" to make specific contact information public. By default, all contact information that the CERT/CC has for your organization is set to "Not Public".

How can I give VINCE access to someone else in my organization?

Each organization has a designated group administrator account. This account permits invitation to the organization's group, which in turn allows access to the organization's cases. If a group administrator is not set for your organization, send CERT/CC a private message with the email address of the desired group administrator, and we will make the change. If you are the group administrator, you may invite someone from the User Management Page by adding the new user's email address. This email address must match the email associated with the user's VINCE account. If an existing VINCE user is added to an organization, the user must log out and back in to gain access to the organization's cases. Users associated with an organization automatically have access to all of the organization's cases.

Can I control which cases specific people in my organization have access to?

My organization is affiliated with "Vendor X".  How can I be sure that I receive all of the notifications that "Vendor X" receives?

If you wish to receive a VINCE notification whenever a different specific vendor receives a VINCE notification, you should contact the other vendor (outside of VINCE) and ask that vendor's VINCE Admin to add your chosen email address to their vendor contact information.  Likewise, if you wish for another vendor to receive a VINCE notification whenever you receive a VINCE notification, then you should add an email address to your VINCE contact list that will reach that other vendorNot at this time. We hope to add this feature in the near future.