VINCE icon indicating copy to clipboard operation
VINCE copied to clipboard
verified publisher icon CERTCC

Use story: vendor initiated coordination.

Open chandanbn opened this issue 5 years ago • 2 comments

User story: A vendor wants to share and coordinate a vulnerability with select other vendors.

Current capability: Looks like this can be done by reporting a new issue and then requesting CERT/CC assistance on potentially affected vendors.

Possible incremental enhancement: https://kb.cert.org/vince/comm/report/ --> "Do you believe multiple vendors are affected?" could be enhanced to pick select vendors, have them notified or included in the case immediately.

Ability to directly create and manage cases and access lists would be great.

chandanbn avatar Oct 01 '20 16:10 chandanbn

Can you please clarify if/how this is different from #4?

ahouseholder avatar Oct 02 '20 15:10 ahouseholder

#4 is about expanding the social network of vendors on the VINCE platform via invites or nominations. #3 is about a vendor acting as a reporter/coordinator to report a new case/vulnerability and select an audience of existing vendors on the platform.

chandanbn avatar Oct 13 '20 04:10 chandanbn