
Role(s) / Phase(s) / Problem / Description / Tips

Role(s): Reporter
Phase(s): Validation and Triage
Problem: Vendor explicitly declines to take action on a report
Description:
  1. The vendor has been given an opportunity to review the report
  2. The vendor informs the reporter of its decision not to take any further action
Tips:

Assuming both conditions above have been met, the validation and triage phase has concluded, and the vendor has indicated that they will not be engaging in the remediation phase.

The reporter's implied obligation to the vendor coordination process is effectively terminated at this point. Assuming the reporter chooses to continue pursuing the issue at all, their options include:

  • The reporter may publish the report on their own.
  • The reporter may attempt to engage a coordinator.

Role(s): Vendor / Coordinator / Reporter
Phase(s): Discovery, Reporting, Validation and Triage, Remediation
Problem: Evidence of exploitation for an embargoed report
Description:
  1. The vulnerability is still under embargo (i.e., the process has not reached the Public Awareness phase yet).
  2. Evidence indicates that the vulnerability is being used by attackers.
Tips:

At this point, the embargo is effectively moot, and the Public Awareness phase is initiated regardless of whether the preceding phases have completed.

Vendors, Coordinators, and Reporters should always be ready to immediately terminate an embargo and go public with whatever advice is available at the time that evidence of exploitation becomes known.

Even a simple Vendor acknowledgement that the problem is being worked on can help deployers adjust their response accordingly.

Role(s): Reporter
Phase(s): Reporting
Problem: Unable to find vendor contact
Description:
  1. The reporter has made reasonable attempts through multiple channels to reach the vendor
  2. The reporter has been unable to confirm that the vendor has received the report