Overview
documents the expectations for users of VINCE and coordinated vulnerability disclosure processes led by the CERT/CC.Table of Contents |
---|
Panel | ||||||
---|---|---|---|---|---|---|
| ||||||
Harassment: We define harassment as unwelcome or hostile behavior, including speech that intimidates, creates discomfort, or interferes with a person's participation or opportunity for participation; verbal threats or demands; degrading language; intimidation; harassing photography, screen shots, or audio or video recording; inappropriate physical contact; sexual imagery; unwelcome sexual attention; stalking; unsolicited physical contact; and sustained disruption of the coordination process, including case handling workflows, presentations, and other events. VINCE platform: The software service that the CERT/CC provides to enable its coordinated vulnerability disclosure practice. VINCE user: Any user of the VINCE platform, including CERT/CC analysts, researchers, vendors, and other participants. CERT/CC analyst: Individuals authorized to represent the CERT/CC within the VINCE platform. |
Responsibilities
is responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that the CERT/CC deems inappropriate, threatening, offensive, or harmful.CERT/CC and responsibility moderation noteChoose from one of the following formulations in the final text.
Persistent or recurring offenses from multiple members of an organization may result in consequences for the organization as well.
ReferencesOther corrective actions may include, but are not limited to:
- A private, written warning from the CERT/CC, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate.
- A warning with consequences for continued behavior.
- A temporary ban from use of VINCE for a specified period of time.
- A permanent ban from VINCE.