Vulnogram
Add an "Are you sure?" button
I'm unsure (ironically) on how to best implement this, but I wanted to drop a feature request before I complain about it too much more.
When publishing a CVE from a logged-in session through the CVE portal, I find it odd that there's no "are you sure?" kind of button, since it takes what you have and immediately posts it to cve.org.
I'd like a review step in there. Maybe move the button, actually, to the preview page? Or offer the user a choice? If there was a publish button on the preview page, I would feel far more confident about publishing a change. Today, I hit "Publish" without being able to see the entire record, which feels off.
If you're a weirdo who just wants to yolo your publishing, maybe have a savable checkbox preference of "Yes I'm always sure" or something?
Not a blocker. Not a bug. Just a feature request to enable my cowardice. I just feel like a web/editor front end wants an "Are you sure," while something like a command line utility (that I'm likely to script out) would not.
Having nearly encountered this behavior, +1 to a confirmation dialog or other accident reduction feature.
When I reserve a CVE ID and draft content to save for later because the vulnerability has not yet been publicly disclosed, I really don't want to blow the entire coordinated disclosure with an errant button click.
Hack: append "-yo-do-not-publish-yet" to the CVE ID which breaks validation.
I suggest we try this user workflow:
---> Create/Edit a CVE Record in the Editor tab
---> Once all required fields are good, some nudge to bring the user to the Preview tab (Next button?)
---> User previews the entry as it would show on the CVE.org site
---> Clicks Post to CVE.org button on the Preview tab
---> Results and pointers to successfully published CVE record.
While updating an existing record, showing a diff, i.e. a list of changes, before final posting would be helpful in preventing unintended overwrite of existing data. Both capabilities exist in Vulnogram (JSON diffs via jsonpatch and a Pug template for rendering changes).
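The diff-before-posting review suggested in the last comment, as an added example that is not part of the thread or of Vulnogram's code. A small hand-written differ stands in for the jsonpatch library mentioned there; `publishGate`, `confirmedPaths` and the sample records are hypothetical.

```javascript
// Constructed sample data: field names follow the CVE JSON 5 layout; the ID is a placeholder.
const published = {
  cveMetadata: { cveId: "CVE-0000-00000", state: "PUBLISHED" },
  containers: { cna: {
    descriptions: [{ lang: "en", value: "Constructed sample description." }],
    references: [{ url: "https://example.com/advisory" }],
  } },
};
const draft = JSON.parse(JSON.stringify(published));
draft.containers.cna.descriptions[0].value = "Constructed sample description, revised.";
delete draft.containers.cna.references; // the kind of accidental loss a review should surface

// Escape a key for use in a JSON Pointer (RFC 6901).
const esc = (k) => String(k).replace(/~/g, "~0").replace(/\//g, "~1");
const isObj = (v) => v !== null && typeof v === "object";

// Produce RFC 6902-style add/remove/replace operations that turn `a` into `b`.
// Arrays are compared index by index, which is enough for a review list.
function diffRecords(a, b, path = "") {
  if (!isObj(a) || !isObj(b) || Array.isArray(a) !== Array.isArray(b)) {
    return JSON.stringify(a) === JSON.stringify(b)
      ? []
      : [{ op: "replace", path, old: a, value: b }];
  }
  const ops = [];
  for (const k of new Set([...Object.keys(a), ...Object.keys(b)])) {
    const p = `${path}/${esc(k)}`;
    if (!(k in b)) ops.push({ op: "remove", path: p, old: a[k] });
    else if (!(k in a)) ops.push({ op: "add", path: p, value: b[k] });
    else ops.push(...diffRecords(a[k], b[k], p));
  }
  return ops;
}

// Decide whether a publish click may proceed. `confirmedPaths` is the set of
// changed paths the user ticked on the review screen (hypothetical UI state).
// A record with no prior published version is diffed against an empty object,
// so every top-level section shows up as an "add" that must be confirmed.
function publishGate(current, next, confirmedPaths) {
  const changes = diffRecords(current || {}, next);
  const pending = changes.filter((c) => !confirmedPaths.includes(c.path));
  // Nothing changed, or something unreviewed: do not post to cve.org.
  return { allow: changes.length > 0 && pending.length === 0, changes, pending };
}
```
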