...

This Code of Conduct documents the expectations for users of VINCE and coordinated vulnerability disclosure processes lead led by the CERT/CC.

The design of VINCE corresponds to having participants/reporters and vendors in closer comms.

The CERT/CC is no longer acting as email proxy and mailing list (approval) moderator.

We expect participants to be professional and respectful.

Disagreement is OK, personal jibes are not.

Participants can edit or delete their own messages.

CERT/CC can edit? or delete any messages.

We only expect to edit/delete/moderate when needed.

Portions of this document are adapted from

• https://www.contributor-covenant.org/version/2/0/code_of_conduct/
• https://resources.sei.cmu.edu/asset_files/Brochure/2015_015_001_447225.pdf

Definitions

Harassment:  We  We define harassment as unwelcome or hostile behavior, including speech that intimidates, creates discomfort, or interferes with a person's participation or opportunity for participation; verbal threats or demands; degrading language; intimidation; harassing photography, screen shots, or audio or video recording; inappropriate physical contact; sexual imagery; unwelcome sexual attention; stalking; unsolicited physical contact; and sustained disruption of the coordination process, including case handling workflows, presentations, and other events.

VINCE platform: the  The software service that the CERT/CC provides to enable its coordinated vulnerability disclosure practice.

VINCE user: any  Any user of the VINCE platform, including CERT/CC analysts, researchers, vendors, and other participants.

CERT/CC analyst: individuals  Individuals authorized to represent the CERT/CC within the VINCE platform.

...