Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Next »

Madison Oliver


prefer verbs in headings for UX/workflow/action headings


example/idealized/common workflow, for a vendor


Submitting a case

Once a reporter has submitted a vulnerability report, they will receive an email with the VRF# (Vulnerability Reporting Form Number) as an acknowledgment of receipt of the report. At this point, the submission is placed in the "Pending" state, shown by the "Pending" tag within the report. Reporters can view their submitted reports that are in the "Pending" state by clicking on "My Vulnerability Reports" in the left menu bar.

If the CERT/CC has questions for the reporter before accepting the case for coordination (while it is still in the "Pending" state), we can comment directly on the VRF# with our questions. When this happens, the reporter will get an email stating that there was an update to their vulnerability report. They will need to log into VINCE and check their vulnerability report for the update.

If a reporter wants to share more information with the CERT/CC while their case is still pending, they can add comments or files directly to the VRF#. To do this, they need to select the VRF# within the "My Vulnerability Reports" page and scroll below their report to find the comment box and file upload area.


Being notified of a case

Your organization will be notified when you are added to an open vulnerability case in the following ways:

  • An email sent to ?? notifying your organization that they have been added to an open vulnerability case
  • A banner


Getting added to a case

Case discussion

other comms: pointer to comms, private thread, PM to coordinator

Attachments/artifacts

Vendor status and statements

vul note/disclosure - be aware of vul note, review draft, comment/feedback, update vendor status, be aware that vul note is published




  • No labels