CERT/CC analysts are available within the Case Discussion for every vulnerability coordination case. Note that any communications posted in the Case Discussion are visible to all participants in the case, including those who may be added to the case in the future. To communicate with the CERT/CC via the Case Discussion:
Navigate to either "Dashboard" or "Cases".
Click the title of the case for which you want to enter the Case Discussion.
Scroll past any already existing messages and enter your message in the text box at the bottom of the page.
Click "Submit".
You can send a Private Message directly to the CERT/CC. Private Messages will be seen only by CERT/CC analysts. Note that any replies sent from the CERT/CC will be visible to the recipient and any VINCE users associated with the recipient's organization (in the case of vendors). To send the CERT/CC a Private Message:
Reporters are able to communicate with the CERT/CC by commenting on the VRF. Note that this method of communication is available only before the VRF has been converted to a VU# for coordination (at which point the Case Discussion should be used) or when the reporter wishes to avoid participating in the Case Discussion. To communicate with the CERT/CC via the VRF:
All vendors included in a case can be reached via the Case Discussion. Note that any communications posted in the Case Discussion are visible to all participants in the case, including those who may be added to the case in the future. To communicate with vendors via the Case Discussion:
Navigate to either "Dashboard" or "Cases".
Click the title of the case for which you want to enter the Case Discussion.
Scroll past any already existing messages and enter your message in the text box at the bottom of the page.
Click "Submit".
VINCE includes the capability for a subset of vendors within a case to communicate with each other via a Private Group Thread. Note that the CERT/CC is included within any Private Group Thread. To request the creation of a Private Group Thread:
Certain case-specific circumstances could cause the reporter to be inaccessible for certain cases. (For example, the reporter may wish to remain anonymous or may choose not to create a VINCE account). However, barring such circumstances, the reporter is included by default within the Case Discussion for every vulnerability coordination case. To communicate with the reporter via the Case Discussion:
Navigate to either "Dashboard" or "Cases".
Click the title of the case for which you want to enter the Case Discussion.
Scroll past any already existing messages and enter your message in the text box at the bottom of the page.
Click "Submit".
----------------
(Rough notes below about the original sketch of this page)
Case discussion (pinned topic, discussion, who is in the room, case history)
VINCEComm ticket comms – what is this called? activity on a ticket, specifically a VRF ticket allows CERT/CC to talk to a reporter who is a VINCE user, called message? activity on case?
inbox – message thread, not a ticket?
PM with CERT/CC - other "send message to CERT/CC" options, inbox > new message
Private thread
For vendors
Receive notification from CERT/CC on new vul report
Providing vendor status