Eric Hatleback

Communicating with Specific Parties in VINCE

Communicating with the CERT/CC

Case Discussion

CERT/CC analysts are available within the Case Discussion for every vulnerability coordination case.  Note that any communications posted in the Case Discussion are visible to all participants in the case, including those who may be added to the case in the future.  To communicate with the CERT/CC via the Case Discussion:


  1. Navigate to either "Dashboard" or "Cases".

  2. Click the title of the case for which you want to enter the Case Discussion.

  3. Scroll past any already existing messages and enter your message in the text box at the bottom of the page.

  4. Click "Submit".

Private Message

You can send a Private Message directly to the CERT/CC.  Private Messages will be seen only by CERT/CC analysts.  Note that any replies sent from the CERT/CC will be visible to the recipient and any VINCE users associated with the recipient's organization (in the case of vendors).  To send the CERT/CC a Private Message:

  1. Navigate to either "Inbox" or the "Case Discussion" for a particular case.
  2. Click the "Private Message CERT/CC" button.
  3. Create your message and select the most appropriate description for your message from the drop-down menu.
  4. Click "Send".

Comment on Vulnerability Reporting Form (VRF)

Reporters are able to communicate with the CERT/CC by commenting on the VRF.  Note that this method of communication is available only before the VRF has been converted to a VU# for coordination (at which point the Case Discussion should be used) or when the reporter wishes to avoid participating in the Case Discussion.  To communicate with the CERT/CC via the VRF:

  1. Navigate to "My Vulnerability Reports".
  2. Click on the appropriate VRF. 
  3. Scroll past any already existing messages and enter your message in the text box at the bottom of the page.
  4. Click "Add Comment".

Communicating with Vendors

Case Discussion

All vendors included in a case can be reached via the Case Discussion.  Note that any communications posted in the Case Discussion are visible to all participants in the case, including those who may be added to the case in the future.  To communicate with vendors via the Case Discussion:

  1. Navigate to either "Dashboard" or "Cases".

  2. Click the title of the case for which you want to enter the Case Discussion.

  3. Scroll past any already existing messages and enter your message in the text box at the bottom of the page.

  4. Click "Submit".

Private Group Thread

VINCE includes the capability for a subset of vendors within a case to communicate with each other via a Private Group Thread.  Note that the CERT/CC is included within any Private Group Thread.  To request the creation of a Private Group Thread:

  1. Navigate to either "Inbox" or the "Case Discussion" for a particular case.
  2. Click the "Private Message CERT/CC" button.
  3. Select "Question about a Case" within the "Why are you contacting us?" drop-down menu.
  4. Select the appropriate Case within the "Case" drop-down menu.
  5. Create your message, being sure to include the specific vendors that you would like to include in the Private Group Thread.
  6. Click "Send".

Communicating with Reporters

Case Discussion

Certain case-specific circumstances could cause the reporter to be inaccessible for certain cases.  (For example, the reporter may wish to remain anonymous or may choose not to create a VINCE account).  However, barring such circumstances, the reporter is included by default within the Case Discussion for every vulnerability coordination case.  To communicate with the reporter via the Case Discussion:

  1. Navigate to either "Dashboard" or "Cases".

  2. Click the title of the case for which you want to enter the Case Discussion.

  3. Scroll past any already existing messages and enter your message in the text box at the bottom of the page.

  4. Click "Submit".


----------------

(Rough notes below about the original sketch of this page)


Case discussion (pinned topic, discussion, who is in the room, case history)

VINCEComm ticket comms – what is this called? activity on a ticket, specifically a VRF ticket allows CERT/CC to talk to a reporter who is a VINCE user, called message? activity on case?

inbox – message thread, not a ticket?




PM with CERT/CC - other "send message to CERT/CC" options, inbox > new message

Private thread


For vendors

Receive notification from CERT/CC on new vul report

Providing vendor status