Versions Compared

Old Version 8

changes.mady.by.user Eric Hatleback

Saved on

compared with

New Version 9

changes.mady.by.user Eric Hatleback

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

user-30e7f found this page in the internal wiki. Should any of it be included here? https://wiki-int.sei.cmu.edu/confluence/display/VulTeam/Vendor+FAQ

Vendor FAQ

Is CERT/CC changing how they coordinate vulnerabilities?

No. Although VINCE is a new platform upon which the coordination will occur, the same goals, practices, and policies remain in place for CERT/CC's coordinated vulnerability disclosure procedure.

What should I do if a reporter is not responding or participating in the discussion on VINCE?

...

Once CERT/CC has identified and added the vulnerabilities to the case, we will request the status and statement from each impacted vendor. At that time, you will be able to add a status (affected/unaffected/unknown) and an official statement from the case discussion page.

...

You can update your status and modify your statement from the case discussion page (the same place that you provided your original status and statement).

How long do statement updates take to

...

be reflected on a

...

published vulnerability note?

CERT/CC will receive a notification when you update your statement. Once CERT/CC views and approves the update, the changes will be reflected immediately on the published vulnerability note.

...