Overview
VINCE has a number of capabilities that will guide you through the coordinated vulnerability disclosure process. This document should help you understand how to navigate the various pages that you will see as a vendor using VINCE.
VINCE Pages
Dashboard
The VINCE Dashboard is the primary location to see active cases associated with your account or vendor.
Inbox
The VINCE Inbox is where you can see messages related to your cases.
Clicking on a message within the VINCE Inbox will allow you to view and reply to the message thread.
Cases
VINCE Cases is where you can view cases that are associated with your account or vendor. Each case, which is tracked with a VU# tracking number as CERT has always used, contains one or more related vulnerabilities that may affect your organization.
By default, you will only see active cases. These are the cases that the CERT/CC is actively working on. To view historic cases, you can adjust the Filter by status drop-down menu to control which cases you see. Clicking on any particular case will bring you to the case details:
Vendor Status
For any case that is being handled, the CERT/CC may add your vendor to be associated with the case. For each vulnerability associated with a case, you should indicate whether your organization is Affected or Not Affected and submit the responses accordingly.
For any case, a Vendor Statement can be provided:
Once submitted, the CERT/CC will review the vendor status information before it is added to any case.
Case Discussion
For any case that you are involved in, you can view and add to the discussion regarding it. The parties on the right side of the screen will all see the discussion.
In the case above, the parties involved in the discussion include the CERT/CC (the coordinator), Madison Oliver (the reporter), and XYZ Company (the vendor).