Versions Compared

Old Version 17

changes.mady.by.user user-8b192

Saved on

compared with

New Version 23

changes.mady.by.user user-5cf7e

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Documentation update

...

Once you have created an individual VINCE account, ask us or a your vendor group administrator. Users for whom we have existing trust (verified email address, possibly PGP key) are automatically associated with vendor groups. For users without existing trust, we perform a two-person validation process.

...

Each organization has a designated group administrator account. This account permits invitation to the organization's group, which in turn allows access to the organization's cases. If a group administrator is not set for your organization, send the CERT/CC a private message with the email address of the desired group administrator, and we will validate the change. If you are the group administrator, you may invite someone from the User Management Page by adding the new user's email address. This email address must match the email associated with the user's VINCE account. Users associated with an organization automatically have access to all of the organization's cases.

Can I control which cases specific people in my organization have access to?

Not at this timeYes. VINCE allows case access control through the User Management Page.  By default all users have access to all current and new cases. You can toggle this setting by disabling the "Default User Case Access" toggle and selecting the cases each individual should have access to.  When the default access is disabled, group administrators will need to grant access for non-admin users to new cases.

My VINCE account has been associated with the proper vendor group, why can't I access my cases?

Log out and back in to VINCE.  If this doesn't work, please send us a message.

What should I do if a reporter is not responding or participating in the discussion on VINCE?

...

Who sees my status and statement?

Anyone participating By default, only the VINCE coordinators in the case can see your status and statement before we publish the vulnerability note. You are welcome to share your status and statement with other case participants by switching the "Share" toggle when you submit your status and statement.  This will allow anyone participating in the case to view your status or statement.  The status will appear next the vendor name on the right side of the case discussion.  By clicking the status, you will be able to view any additional statements and references provided. Once the CERT/CC publishes the vulnerability note, the public will be able to view your status and statement.

...

How do I update my public contact information?

Use Group administrators can use the "My Contact Info" page to edit your their public contact information. Click "Edit My Contact Info" in the top right and toggle the "Public" switch to "Yes" to make specific contact information public. By default, all contact information that the CERT/CC has for your organization is set to "Not Public".

My organization is affiliated with "Vendor X".  How can I be sure that I receive all of the notifications that "Vendor X" receives?

If you wish to receive a VINCE notification whenever a different specific vendor receives a VINCE notification, you should contact the other vendor (outside of VINCE) and ask that vendor's VINCE Admin to add your chosen email address to their vendor contact information.  Likewise, if you wish for another vendor to receive a VINCE notification whenever you receive a VINCE notification, then you should add an email address to your VINCE contact list that will reach that other vendor.