Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Your organization will be notified when you are added to an open vulnerability case in the following ways:

  • An email sent to ?? notifying your organization that they have been added to an open vulnerability case
  • (something else? a banner?)

by receiving an email. You will also be able to view the case on your Dashboard when you log into VINCE.

Getting added to a case

If you have been told about an existing vulnerability case from a group already involved and believe that you should also be involved, you can contact the coordinators to be added to the case. From the "Inbox", click the button "New Message" and choose "Request for Vendor Access to a Case" from the "Why are you contacting us?" dropdown.


The right bar within the Case Discussion will show the coordinators, reporter(s), and vendor organization(s) that are included in the case  case. The coordinators will create a pinned post with relevant information that will stay at the top of the discussion, and those added to the case are able to create posts or reply to posts. To create a post,

Using the inbox

other comms: pointer to comms, private thread, PM to coordinator



The inbox can be used if anyone involved needs to send a private message to the coordinators regarding a case or a variety of other topics. To send a message, go to the "Inbox" and click the "Private Message CERT/CC" button in the top right. Select the subject for your message from the drop-down menu, type your message, then click "Send". These messages can only be seen by members of the CERT Coordination Center. The Inbox cannot be used to message the reporter or other vendors in a case.

Uploading or downloading an attachment

All of the attachments on a case are available at the bottom of the right bar under the "Documents" section. To upload an attachment, click the "+Add file" button, choose a file, and then click "Upload". To download the attachment, ...

Giving a vendor statement

To provide a vendor statement that will be included in the final publication, please center box at the top of the Case Discussion ...

Reviewing a Vulnerability Note

The coordinators will typically share the draft vulnerability note with those involved prior to publishing the case. To review the draft vulnerability note, click the box at the top right of the Case Discussion

Publishing a Vulnerability Note

vul note/disclosure - be aware of vul note, review draft, comment/feedback, update vendor status, be aware that vul note is published