Versions Compared

Old Version 17

changes.mady.by.user Eric Hatleback

Saved on

compared with

New Version 18

changes.mady.by.user Eric Hatleback

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

We encourage both vendors and reporters to make a VINCE account to facilitate active involvement in the coordination of vulnerabilities reported to the CERT/CC. A vendor without an account will be unable to view vulnerability reports shared with the CERT/CC or participate in the coordination process. A reporter without an account will be unable to communicate with vendors or receive updates on the coordination status of submitted reports.  A reporter can create an account after submitting a vulnerability report to gain access to submitted reports, as long as the account is created using the same email address as the email address provided in the submitted report.

...

Vendors and reporters can expect a response from the CERT/CC within three days.

...

The VINCE platform does not require PGP for secure communications.  VINCE relies on account access controls and HTTPS to keep case discussions and messaging secure. Vendors and reporters are still able to upload and share PGP keys on their contact pages.

What type of case does the CERT/CC usually coordinate?

The CERT/CC considers the following conditions when deciding to coordinate:

...

A direct private message sent to the CERT/CC by an individual user can be seen by the user and CERT/CC analysts. A direct private message sent from the CERT/CC to a vendor can be seen by CERT/CC analysts and all members of the vendor organization with associated VINCE accounts.

...