Jan 21, 2021
Software vulnerability coordination at the CERT Coordination Center (CERT/CC) has traditionally relied on a hub-and-spoke model, with reports submitted to analysts at the CERT/CC analysts who would then work with contact affected vendors. To scale communications and increase the level of collaboration between vulnerability reporters, coordinators, and software vendors, the CERT/CC team has created a web-based platform for software vulnerability reporting and coordination called the Vulnerability Information and Coordination Environment (VINCE). In this SEI Podcast, Emily Sarneso, the architect of VINCE, and Art Manion, technical manager of the Vulnerability Analysis Team in the SEI’s CERT Division, discuss the rollout of VINCE, how to use it, and future work in vulnerability coordination.